Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2025-68763 (GCVE-0-2025-68763)
Vulnerability from cvelistv5 – Published: 2026-01-05 09:32 – Updated: 2026-01-11 16:30
VLAI?
EPSS
Title
crypto: starfive - Correctly handle return of sg_nents_for_len
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.
Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.
Severity ?
No CVSS data available.
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Linux | Linux |
Affected:
7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 6cd14414394b4f3d6e1ed64b8241d1fcc2271820
(git)
Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 0c3854d65cc4402cb8c52d4d773450a06efecab6 (git) Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 1af5c973dd744e29fa22121f43e8646b7a7a71a7 (git) Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < 9b3f71cf02e04cfaa482155e3078707fe7f8aef4 (git) Affected: 7883d1b28a2b0e62edcacea22de6b36a1918b15a , < e9eb52037a529fbb307c290e9951a62dd728b03d (git) |
||
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Linux",
"programFiles": [
"drivers/crypto/starfive/jh7110-hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"lessThan": "6cd14414394b4f3d6e1ed64b8241d1fcc2271820",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "0c3854d65cc4402cb8c52d4d773450a06efecab6",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "1af5c973dd744e29fa22121f43e8646b7a7a71a7",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "9b3f71cf02e04cfaa482155e3078707fe7f8aef4",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
},
{
"lessThan": "e9eb52037a529fbb307c290e9951a62dd728b03d",
"status": "affected",
"version": "7883d1b28a2b0e62edcacea22de6b36a1918b15a",
"versionType": "git"
}
]
},
{
"defaultStatus": "affected",
"product": "Linux",
"programFiles": [
"drivers/crypto/starfive/jh7110-hash.c"
],
"repo": "https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux.git",
"vendor": "Linux",
"versions": [
{
"status": "affected",
"version": "6.5"
},
{
"lessThan": "6.5",
"status": "unaffected",
"version": "0",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.6.*",
"status": "unaffected",
"version": "6.6.120",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.12.*",
"status": "unaffected",
"version": "6.12.63",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.17.*",
"status": "unaffected",
"version": "6.17.13",
"versionType": "semver"
},
{
"lessThanOrEqual": "6.18.*",
"status": "unaffected",
"version": "6.18.2",
"versionType": "semver"
},
{
"lessThanOrEqual": "*",
"status": "unaffected",
"version": "6.19-rc1",
"versionType": "original_commit_for_fix"
}
]
}
],
"cpeApplicability": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.6.120",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.12.63",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.17.13",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.18.2",
"versionStartIncluding": "6.5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
"versionEndExcluding": "6.19-rc1",
"versionStartIncluding": "6.5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Correctly handle return of sg_nents_for_len\n\nThe return value of sg_nents_for_len was assigned to an unsigned long\nin starfive_hash_digest, causing negative error codes to be converted\nto large positive integers.\n\nAdd error checking for sg_nents_for_len and return immediately on\nfailure to prevent potential buffer overflows."
}
],
"providerMetadata": {
"dateUpdated": "2026-01-11T16:30:31.897Z",
"orgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"shortName": "Linux"
},
"references": [
{
"url": "https://git.kernel.org/stable/c/6cd14414394b4f3d6e1ed64b8241d1fcc2271820"
},
{
"url": "https://git.kernel.org/stable/c/0c3854d65cc4402cb8c52d4d773450a06efecab6"
},
{
"url": "https://git.kernel.org/stable/c/1af5c973dd744e29fa22121f43e8646b7a7a71a7"
},
{
"url": "https://git.kernel.org/stable/c/9b3f71cf02e04cfaa482155e3078707fe7f8aef4"
},
{
"url": "https://git.kernel.org/stable/c/e9eb52037a529fbb307c290e9951a62dd728b03d"
}
],
"title": "crypto: starfive - Correctly handle return of sg_nents_for_len",
"x_generator": {
"engine": "bippy-1.2.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"assignerShortName": "Linux",
"cveId": "CVE-2025-68763",
"datePublished": "2026-01-05T09:32:35.678Z",
"dateReserved": "2025-12-24T10:30:51.034Z",
"dateUpdated": "2026-01-11T16:30:31.897Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2025-68763\",\"sourceIdentifier\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\",\"published\":\"2026-01-05T10:15:57.467\",\"lastModified\":\"2026-01-11T17:15:58.633\",\"vulnStatus\":\"Awaiting Analysis\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"In the Linux kernel, the following vulnerability has been resolved:\\n\\ncrypto: starfive - Correctly handle return of sg_nents_for_len\\n\\nThe return value of sg_nents_for_len was assigned to an unsigned long\\nin starfive_hash_digest, causing negative error codes to be converted\\nto large positive integers.\\n\\nAdd error checking for sg_nents_for_len and return immediately on\\nfailure to prevent potential buffer overflows.\"}],\"metrics\":{},\"references\":[{\"url\":\"https://git.kernel.org/stable/c/0c3854d65cc4402cb8c52d4d773450a06efecab6\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/1af5c973dd744e29fa22121f43e8646b7a7a71a7\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/6cd14414394b4f3d6e1ed64b8241d1fcc2271820\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/9b3f71cf02e04cfaa482155e3078707fe7f8aef4\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"},{\"url\":\"https://git.kernel.org/stable/c/e9eb52037a529fbb307c290e9951a62dd728b03d\",\"source\":\"416baaa9-dc9f-4396-8d5f-8c081fb06d67\"}]}}"
}
}
FKIE_CVE-2025-68763
Vulnerability from fkie_nvd - Published: 2026-01-05 10:15 - Updated: 2026-01-11 17:15
Severity ?
Summary
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long
in starfive_hash_digest, causing negative error codes to be converted
to large positive integers.
Add error checking for sg_nents_for_len and return immediately on
failure to prevent potential buffer overflows.
References
Impacted products
| Vendor | Product | Version |
|---|
{
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Correctly handle return of sg_nents_for_len\n\nThe return value of sg_nents_for_len was assigned to an unsigned long\nin starfive_hash_digest, causing negative error codes to be converted\nto large positive integers.\n\nAdd error checking for sg_nents_for_len and return immediately on\nfailure to prevent potential buffer overflows."
}
],
"id": "CVE-2025-68763",
"lastModified": "2026-01-11T17:15:58.633",
"metrics": {},
"published": "2026-01-05T10:15:57.467",
"references": [
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/0c3854d65cc4402cb8c52d4d773450a06efecab6"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/1af5c973dd744e29fa22121f43e8646b7a7a71a7"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/6cd14414394b4f3d6e1ed64b8241d1fcc2271820"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/9b3f71cf02e04cfaa482155e3078707fe7f8aef4"
},
{
"source": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"url": "https://git.kernel.org/stable/c/e9eb52037a529fbb307c290e9951a62dd728b03d"
}
],
"sourceIdentifier": "416baaa9-dc9f-4396-8d5f-8c081fb06d67",
"vulnStatus": "Awaiting Analysis"
}
MSRC_CVE-2025-68763
Vulnerability from csaf_microsoft - Published: 2026-01-02 00:00 - Updated: 2026-01-06 01:01Summary
crypto: starfive - Correctly handle return of sg_nents_for_len
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68763 crypto: starfive - Correctly handle return of sg_nents_for_len - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2025-68763.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "crypto: starfive - Correctly handle return of sg_nents_for_len",
"tracking": {
"current_release_date": "2026-01-06T01:01:48.000Z",
"generator": {
"date": "2026-01-08T08:58:47.454Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2025-68763",
"initial_release_date": "2026-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2026-01-06T01:01:48.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "azl3 kernel 6.6.117.1-1",
"product": {
"name": "azl3 kernel 6.6.117.1-1",
"product_id": "1"
}
}
],
"category": "product_name",
"name": "kernel"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kernel 6.6.117.1-1 as a component of Azure Linux 3.0",
"product_id": "17084-1"
},
"product_reference": "1",
"relates_to_product_reference": "17084"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68763",
"notes": [
{
"category": "general",
"text": "Linux",
"title": "Assigning CNA"
}
],
"product_status": {
"known_affected": [
"17084-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2025-68763 crypto: starfive - Correctly handle return of sg_nents_for_len - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2026/msrc_cve-2025-68763.json"
}
],
"remediations": [
{
"category": "none_available",
"date": "2026-01-06T01:01:48.000Z",
"details": "There is no fix available for this vulnerability as of now",
"product_ids": [
"17084-1"
]
}
],
"title": "crypto: starfive - Correctly handle return of sg_nents_for_len"
}
]
}
OPENSUSE-SU-2026:10039-1
Vulnerability from csaf_opensuse - Published: 2026-01-13 00:00 - Updated: 2026-01-13 00:00Summary
kernel-devel-6.18.5-1.1 on GA media
Notes
Title of the patch
kernel-devel-6.18.5-1.1 on GA media
Description of the patch
These are all security issues fixed in the kernel-devel-6.18.5-1.1 package on the GA media of openSUSE Tumbleweed.
Patchnames
openSUSE-Tumbleweed-2026-10039
Terms of use
CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "kernel-devel-6.18.5-1.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the kernel-devel-6.18.5-1.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2026-10039",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2026_10039-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68332 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68332/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68335 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68335/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68336 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68336/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68337 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68337/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68344 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68344/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68345 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68345/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68346 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68346/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68347 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68347/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68348 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68348/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68349 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68349/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68350 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68350/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68351 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68351/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68352 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68352/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68353 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68353/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68354 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68354/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68355 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68355/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68356 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68356/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68357 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68357/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68358 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68358/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68359 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68359/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68360 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68360/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68361 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68361/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68362 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68362/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68363 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68363/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68364 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68364/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68365 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68365/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68366 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68366/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68367 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68367/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68368 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68368/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68369 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68369/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68370 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68370/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68371 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68371/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68372 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68372/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68373 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68373/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68374 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68374/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68375 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68375/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68376 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68376/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68377 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68377/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68378 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68378/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68379 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68379/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68380 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68380/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68724 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68724/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68725 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68725/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68726 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68726/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68727 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68727/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68728 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68728/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68729 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68729/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68730 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68730/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68731 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68731/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68732 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68732/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68733 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68733/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68735 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68735/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68736 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68736/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68737 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68737/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68738 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68738/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68739 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68740 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68741 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68742 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68743 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68743/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68744 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68744/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68745 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68745/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68746 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68746/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68747 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68747/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68748 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68748/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68749 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68749/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68751 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68751/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68752 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68752/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68753 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68753/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68754 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68754/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68755 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68755/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68756 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68756/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68757 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68757/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68758 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68758/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68759 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68759/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68760 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68760/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68761 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68761/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68762 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68762/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68763 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68763/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68764 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68764/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68765 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68765/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2025-68766 page",
"url": "https://www.suse.com/security/cve/CVE-2025-68766/"
}
],
"title": "kernel-devel-6.18.5-1.1 on GA media",
"tracking": {
"current_release_date": "2026-01-13T00:00:00Z",
"generator": {
"date": "2026-01-13T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2026:10039-1",
"initial_release_date": "2026-01-13T00:00:00Z",
"revision_history": [
{
"date": "2026-01-13T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.5-1.1.aarch64",
"product": {
"name": "kernel-devel-6.18.5-1.1.aarch64",
"product_id": "kernel-devel-6.18.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.5-1.1.aarch64",
"product": {
"name": "kernel-macros-6.18.5-1.1.aarch64",
"product_id": "kernel-macros-6.18.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.5-1.1.aarch64",
"product": {
"name": "kernel-source-6.18.5-1.1.aarch64",
"product_id": "kernel-source-6.18.5-1.1.aarch64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.5-1.1.aarch64",
"product": {
"name": "kernel-source-vanilla-6.18.5-1.1.aarch64",
"product_id": "kernel-source-vanilla-6.18.5-1.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.5-1.1.ppc64le",
"product": {
"name": "kernel-devel-6.18.5-1.1.ppc64le",
"product_id": "kernel-devel-6.18.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.5-1.1.ppc64le",
"product": {
"name": "kernel-macros-6.18.5-1.1.ppc64le",
"product_id": "kernel-macros-6.18.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.5-1.1.ppc64le",
"product": {
"name": "kernel-source-6.18.5-1.1.ppc64le",
"product_id": "kernel-source-6.18.5-1.1.ppc64le"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.5-1.1.ppc64le",
"product": {
"name": "kernel-source-vanilla-6.18.5-1.1.ppc64le",
"product_id": "kernel-source-vanilla-6.18.5-1.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.5-1.1.s390x",
"product": {
"name": "kernel-devel-6.18.5-1.1.s390x",
"product_id": "kernel-devel-6.18.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.5-1.1.s390x",
"product": {
"name": "kernel-macros-6.18.5-1.1.s390x",
"product_id": "kernel-macros-6.18.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.5-1.1.s390x",
"product": {
"name": "kernel-source-6.18.5-1.1.s390x",
"product_id": "kernel-source-6.18.5-1.1.s390x"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.5-1.1.s390x",
"product": {
"name": "kernel-source-vanilla-6.18.5-1.1.s390x",
"product_id": "kernel-source-vanilla-6.18.5-1.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "kernel-devel-6.18.5-1.1.x86_64",
"product": {
"name": "kernel-devel-6.18.5-1.1.x86_64",
"product_id": "kernel-devel-6.18.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-macros-6.18.5-1.1.x86_64",
"product": {
"name": "kernel-macros-6.18.5-1.1.x86_64",
"product_id": "kernel-macros-6.18.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-6.18.5-1.1.x86_64",
"product": {
"name": "kernel-source-6.18.5-1.1.x86_64",
"product_id": "kernel-source-6.18.5-1.1.x86_64"
}
},
{
"category": "product_version",
"name": "kernel-source-vanilla-6.18.5-1.1.x86_64",
"product": {
"name": "kernel-source-vanilla-6.18.5-1.1.x86_64",
"product_id": "kernel-source-vanilla-6.18.5-1.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64"
},
"product_reference": "kernel-devel-6.18.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le"
},
"product_reference": "kernel-devel-6.18.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x"
},
"product_reference": "kernel-devel-6.18.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-devel-6.18.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64"
},
"product_reference": "kernel-devel-6.18.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64"
},
"product_reference": "kernel-macros-6.18.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le"
},
"product_reference": "kernel-macros-6.18.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x"
},
"product_reference": "kernel-macros-6.18.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-macros-6.18.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64"
},
"product_reference": "kernel-macros-6.18.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64"
},
"product_reference": "kernel-source-6.18.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le"
},
"product_reference": "kernel-source-6.18.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x"
},
"product_reference": "kernel-source-6.18.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-6.18.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64"
},
"product_reference": "kernel-source-6.18.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.5-1.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64"
},
"product_reference": "kernel-source-vanilla-6.18.5-1.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.5-1.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le"
},
"product_reference": "kernel-source-vanilla-6.18.5-1.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.5-1.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x"
},
"product_reference": "kernel-source-vanilla-6.18.5-1.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "kernel-source-vanilla-6.18.5-1.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
},
"product_reference": "kernel-source-vanilla-6.18.5-1.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68332",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68332"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: c6xdigio: Fix invalid PNP driver unregistration\n\nThe Comedi low-level driver \"c6xdigio\" seems to be for a parallel port\nconnected device. When the Comedi core calls the driver\u0027s Comedi\n\"attach\" handler `c6xdigio_attach()` to configure a Comedi to use this\ndriver, it tries to enable the parallel port PNP resources by\nregistering a PNP driver with `pnp_register_driver()`, but ignores the\nreturn value. (The `struct pnp_driver` it uses has only the `name` and\n`id_table` members filled in.) The driver\u0027s Comedi \"detach\" handler\n`c6xdigio_detach()` unconditionally unregisters the PNP driver with\n`pnp_unregister_driver()`.\n\nIt is possible for `c6xdigio_attach()` to return an error before it\ncalls `pnp_register_driver()` and it is possible for the call to\n`pnp_register_driver()` to return an error (that is ignored). In both\ncases, the driver should not be calling `pnp_unregister_driver()` as it\ndoes in `c6xdigio_detach()`. (Note that `c6xdigio_detach()` will be\ncalled by the Comedi core if `c6xdigio_attach()` returns an error, or if\nthe Comedi core decides to detach the Comedi device from the driver for\nsome other reason.)\n\nThe unconditional call to `pnp_unregister_driver()` without a previous\nsuccessful call to `pnp_register_driver()` will cause\n`driver_unregister()` to issue a warning \"Unexpected driver\nunregister!\". This was detected by Syzbot [1].\n\nAlso, the PNP driver registration and unregistration should be done at\nmodule init and exit time, respectively, not when attaching or detaching\nComedi devices to the driver. (There might be more than one Comedi\ndevice being attached to the driver, although that is unlikely.)\n\nChange the driver to do the PNP driver registration at module init time,\nand the unregistration at module exit time. Since `c6xdigio_detach()`\nnow only calls `comedi_legacy_detach()`, remove the function and change\nthe Comedi driver \"detach\" handler to `comedi_legacy_detach`.\n\n-------------------------------------------\n[1] Syzbot sample crash report:\nUnexpected driver unregister!\nWARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister drivers/base/driver.c:273 [inline]\nWARNING: CPU: 0 PID: 5970 at drivers/base/driver.c:273 driver_unregister+0x90/0xb0 drivers/base/driver.c:270\nModules linked in:\nCPU: 0 UID: 0 PID: 5970 Comm: syz.0.17 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025\nRIP: 0010:driver_unregister drivers/base/driver.c:273 [inline]\nRIP: 0010:driver_unregister+0x90/0xb0 drivers/base/driver.c:270\nCode: 48 89 ef e8 c2 e6 82 fc 48 89 df e8 3a 93 ff ff 5b 5d e9 c3 6d d9 fb e8 be 6d d9 fb 90 48 c7 c7 e0 f8 1f 8c e8 51 a2 97 fb 90 \u003c0f\u003e 0b 90 90 5b 5d e9 a5 6d d9 fb e8 e0 f4 41 fc eb 94 e8 d9 f4 41\nRSP: 0018:ffffc9000373f9a0 EFLAGS: 00010282\nRAX: 0000000000000000 RBX: ffffffff8ff24720 RCX: ffffffff817b6ee8\nRDX: ffff88807c932480 RSI: ffffffff817b6ef5 RDI: 0000000000000001\nRBP: 0000000000000000 R08: 0000000000000001 R09: 0000000000000000\nR10: 0000000000000001 R11: 0000000000000001 R12: ffffffff8ff24660\nR13: dffffc0000000000 R14: 0000000000000000 R15: ffff88814cca0000\nFS: 000055556dab1500(0000) GS:ffff8881249d9000(0000) knlGS:0000000000000000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 000055f77f285cd0 CR3: 000000007d871000 CR4: 00000000003526f0\nCall Trace:\n \u003cTASK\u003e\n comedi_device_detach_locked+0x12f/0xa50 drivers/comedi/drivers.c:207\n comedi_device_detach+0x67/0xb0 drivers/comedi/drivers.c:215\n comedi_device_attach+0x43d/0x900 drivers/comedi/drivers.c:1011\n do_devconfig_ioctl+0x1b1/0x710 drivers/comedi/comedi_fops.c:872\n comedi_unlocked_ioctl+0x165d/0x2f00 drivers/comedi/comedi_fops.c:2178\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n __se_sys_ioctl fs/ioctl.c:583 [inline]\n __x64_sys_ioctl+0x18e/0x210 fs/ioctl.c:583\n do_syscall_x64 arch/x86/entry/syscall_64.c:63 [inline]\n do_sys\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68332",
"url": "https://www.suse.com/security/cve/CVE-2025-68332"
},
{
"category": "external",
"summary": "SUSE Bug 1255483 for CVE-2025-68332",
"url": "https://bugzilla.suse.com/1255483"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68332"
},
{
"cve": "CVE-2025-68335",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68335"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncomedi: pcl818: fix null-ptr-deref in pcl818_ai_cancel()\n\nSyzbot identified an issue [1] in pcl818_ai_cancel(), which stems from\nthe fact that in case of early device detach via pcl818_detach(),\nsubdevice dev-\u003eread_subdev may not have initialized its pointer to\n\u0026struct comedi_async as intended. Thus, any such dereferencing of\n\u0026s-\u003easync-\u003ecmd will lead to general protection fault and kernel crash.\n\nMitigate this problem by removing a call to pcl818_ai_cancel() from\npcl818_detach() altogether. This way, if the subdevice setups its\nsupport for async commands, everything async-related will be\nhandled via subdevice\u0027s own -\u003ecancel() function in\ncomedi_device_detach_locked() even before pcl818_detach(). If no\nsupport for asynchronous commands is provided, there is no need\nto cancel anything either.\n\n[1] Syzbot crash:\nOops: general protection fault, probably for non-canonical address 0xdffffc0000000005: 0000 [#1] SMP KASAN PTI\nKASAN: null-ptr-deref in range [0x0000000000000028-0x000000000000002f]\nCPU: 1 UID: 0 PID: 6050 Comm: syz.0.18 Not tainted syzkaller #0 PREEMPT(full)\nHardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/18/2025\nRIP: 0010:pcl818_ai_cancel+0x69/0x3f0 drivers/comedi/drivers/pcl818.c:762\n...\nCall Trace:\n \u003cTASK\u003e\n pcl818_detach+0x66/0xd0 drivers/comedi/drivers/pcl818.c:1115\n comedi_device_detach_locked+0x178/0x750 drivers/comedi/drivers.c:207\n do_devconfig_ioctl drivers/comedi/comedi_fops.c:848 [inline]\n comedi_unlocked_ioctl+0xcde/0x1020 drivers/comedi/comedi_fops.c:2178\n vfs_ioctl fs/ioctl.c:51 [inline]\n __do_sys_ioctl fs/ioctl.c:597 [inline]\n...",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68335",
"url": "https://www.suse.com/security/cve/CVE-2025-68335"
},
{
"category": "external",
"summary": "SUSE Bug 1255480 for CVE-2025-68335",
"url": "https://bugzilla.suse.com/1255480"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68335"
},
{
"cve": "CVE-2025-68336",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68336"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlocking/spinlock/debug: Fix data-race in do_raw_write_lock\n\nKCSAN reports:\n\nBUG: KCSAN: data-race in do_raw_write_lock / do_raw_write_lock\n\nwrite (marked) to 0xffff800009cf504c of 4 bytes by task 1102 on cpu 1:\n do_raw_write_lock+0x120/0x204\n _raw_write_lock_irq\n do_exit\n call_usermodehelper_exec_async\n ret_from_fork\n\nread to 0xffff800009cf504c of 4 bytes by task 1103 on cpu 0:\n do_raw_write_lock+0x88/0x204\n _raw_write_lock_irq\n do_exit\n call_usermodehelper_exec_async\n ret_from_fork\n\nvalue changed: 0xffffffff -\u003e 0x00000001\n\nReported by Kernel Concurrency Sanitizer on:\nCPU: 0 PID: 1103 Comm: kworker/u4:1 6.1.111\n\nCommit 1a365e822372 (\"locking/spinlock/debug: Fix various data races\") has\nadressed most of these races, but seems to be not consistent/not complete.\n\n\u003eFrom do_raw_write_lock() only debug_write_lock_after() part has been\nconverted to WRITE_ONCE(), but not debug_write_lock_before() part.\nDo it now.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68336",
"url": "https://www.suse.com/security/cve/CVE-2025-68336"
},
{
"category": "external",
"summary": "SUSE Bug 1255481 for CVE-2025-68336",
"url": "https://bugzilla.suse.com/1255481"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68336"
},
{
"cve": "CVE-2025-68337",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68337"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\njbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted\n\nThere\u0027s issue when file system corrupted:\n------------[ cut here ]------------\nkernel BUG at fs/jbd2/transaction.c:1289!\nOops: invalid opcode: 0000 [#1] SMP KASAN PTI\nCPU: 5 UID: 0 PID: 2031 Comm: mkdir Not tainted 6.18.0-rc1-next\nRIP: 0010:jbd2_journal_get_create_access+0x3b6/0x4d0\nRSP: 0018:ffff888117aafa30 EFLAGS: 00010202\nRAX: 0000000000000000 RBX: ffff88811a86b000 RCX: ffffffff89a63534\nRDX: 1ffff110200ec602 RSI: 0000000000000004 RDI: ffff888100763010\nRBP: ffff888100763000 R08: 0000000000000001 R09: ffff888100763028\nR10: 0000000000000003 R11: 0000000000000000 R12: 0000000000000000\nR13: ffff88812c432000 R14: ffff88812c608000 R15: ffff888120bfc000\nCS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\nCR2: 00007f91d6970c99 CR3: 00000001159c4000 CR4: 00000000000006f0\nCall Trace:\n \u003cTASK\u003e\n __ext4_journal_get_create_access+0x42/0x170\n ext4_getblk+0x319/0x6f0\n ext4_bread+0x11/0x100\n ext4_append+0x1e6/0x4a0\n ext4_init_new_dir+0x145/0x1d0\n ext4_mkdir+0x326/0x920\n vfs_mkdir+0x45c/0x740\n do_mkdirat+0x234/0x2f0\n __x64_sys_mkdir+0xd6/0x120\n do_syscall_64+0x5f/0xfa0\n entry_SYSCALL_64_after_hwframe+0x76/0x7e\n\nThe above issue occurs with us in errors=continue mode when accompanied by\nstorage failures. There have been many inconsistencies in the file system\ndata.\nIn the case of file system data inconsistency, for example, if the block\nbitmap of a referenced block is not set, it can lead to the situation where\na block being committed is allocated and used again. As a result, the\nfollowing condition will not be satisfied then trigger BUG_ON. Of course,\nit is entirely possible to construct a problematic image that can trigger\nthis BUG_ON through specific operations. In fact, I have constructed such\nan image and easily reproduced this issue.\nTherefore, J_ASSERT() holds true only under ideal conditions, but it may\nnot necessarily be satisfied in exceptional scenarios. Using J_ASSERT()\ndirectly in abnormal situations would cause the system to crash, which is\nclearly not what we want. So here we directly trigger a JBD abort instead\nof immediately invoking BUG_ON.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68337",
"url": "https://www.suse.com/security/cve/CVE-2025-68337"
},
{
"category": "external",
"summary": "SUSE Bug 1255482 for CVE-2025-68337",
"url": "https://bugzilla.suse.com/1255482"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68337"
},
{
"cve": "CVE-2025-68344",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68344"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: wavefront: Fix integer overflow in sample size validation\n\nThe wavefront_send_sample() function has an integer overflow issue\nwhen validating sample size. The header-\u003esize field is u32 but gets\ncast to int for comparison with dev-\u003efreemem\n\nFix by using unsigned comparison to avoid integer overflow.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68344",
"url": "https://www.suse.com/security/cve/CVE-2025-68344"
},
{
"category": "external",
"summary": "SUSE Bug 1255816 for CVE-2025-68344",
"url": "https://bugzilla.suse.com/1255816"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68344"
},
{
"cve": "CVE-2025-68345",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68345"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_hda_read_acpi()\n\nThe acpi_get_first_physical_node() function can return NULL, in which\ncase the get_device() function also returns NULL, but this value is\nthen dereferenced without checking,so add a check to prevent a crash.\n\nFound by Linux Verification Center (linuxtesting.org) with SVACE.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68345",
"url": "https://www.suse.com/security/cve/CVE-2025-68345"
},
{
"category": "external",
"summary": "SUSE Bug 1255601 for CVE-2025-68345",
"url": "https://bugzilla.suse.com/1255601"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68345"
},
{
"cve": "CVE-2025-68346",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68346"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: dice: fix buffer overflow in detect_stream_formats()\n\nThe function detect_stream_formats() reads the stream_count value directly\nfrom a FireWire device without validating it. This can lead to\nout-of-bounds writes when a malicious device provides a stream_count value\ngreater than MAX_STREAMS.\n\nFix by applying the same validation to both TX and RX stream counts in\ndetect_stream_formats().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68346",
"url": "https://www.suse.com/security/cve/CVE-2025-68346"
},
{
"category": "external",
"summary": "SUSE Bug 1255603 for CVE-2025-68346",
"url": "https://bugzilla.suse.com/1255603"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68346"
},
{
"cve": "CVE-2025-68347",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68347"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events\n\nThe DSP event handling code in hwdep_read() could write more bytes to\nthe user buffer than requested, when a user provides a buffer smaller\nthan the event header size (8 bytes).\n\nFix by using min_t() to clamp the copy size, This ensures we never copy\nmore than the user requested.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68347",
"url": "https://www.suse.com/security/cve/CVE-2025-68347"
},
{
"category": "external",
"summary": "SUSE Bug 1255706 for CVE-2025-68347",
"url": "https://bugzilla.suse.com/1255706"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68347"
},
{
"cve": "CVE-2025-68348",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68348"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: fix memory leak in __blkdev_issue_zero_pages\n\nMove the fatal signal check before bio_alloc() to prevent a memory\nleak when BLKDEV_ZERO_KILLABLE is set and a fatal signal is pending.\n\nPreviously, the bio was allocated before checking for a fatal signal.\nIf a signal was pending, the code would break out of the loop without\nfreeing or chaining the just-allocated bio, causing a memory leak.\n\nThis matches the pattern already used in __blkdev_issue_write_zeroes()\nwhere the signal check precedes the allocation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68348",
"url": "https://www.suse.com/security/cve/CVE-2025-68348"
},
{
"category": "external",
"summary": "SUSE Bug 1255694 for CVE-2025-68348",
"url": "https://bugzilla.suse.com/1255694"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68348"
},
{
"cve": "CVE-2025-68349",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68349"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid\n\nFixes a crash when layout is null during this call stack:\n\nwrite_inode\n -\u003e nfs4_write_inode\n -\u003e pnfs_layoutcommit_inode\n\npnfs_set_layoutcommit relies on the lseg refcount to keep the layout\naround. Need to clear NFS_INO_LAYOUTCOMMIT otherwise we might attempt\nto reference a null layout.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68349",
"url": "https://www.suse.com/security/cve/CVE-2025-68349"
},
{
"category": "external",
"summary": "SUSE Bug 1255544 for CVE-2025-68349",
"url": "https://bugzilla.suse.com/1255544"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68349"
},
{
"cve": "CVE-2025-68350",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68350"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix divide-by-zero in exfat_allocate_bitmap\n\nThe variable max_ra_count can be 0 in exfat_allocate_bitmap(),\nwhich causes a divide-by-zero error in the subsequent modulo operation\n(i % max_ra_count), leading to a system crash.\nWhen max_ra_count is 0, it means that readahead is not used. This patch\nload the bitmap without readahead.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68350",
"url": "https://www.suse.com/security/cve/CVE-2025-68350"
},
{
"category": "external",
"summary": "SUSE Bug 1255625 for CVE-2025-68350",
"url": "https://bugzilla.suse.com/1255625"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68350"
},
{
"cve": "CVE-2025-68351",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68351"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nexfat: fix refcount leak in exfat_find\n\nFix refcount leaks in `exfat_find` related to `exfat_get_dentry_set`.\n\nFunction `exfat_get_dentry_set` would increase the reference counter of\n`es-\u003ebh` on success. Therefore, `exfat_put_dentry_set` must be called\nafter `exfat_get_dentry_set` to ensure refcount consistency. This patch\nrelocate two checks to avoid possible leaks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68351",
"url": "https://www.suse.com/security/cve/CVE-2025-68351"
},
{
"category": "external",
"summary": "SUSE Bug 1255567 for CVE-2025-68351",
"url": "https://bugzilla.suse.com/1255567"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68351"
},
{
"cve": "CVE-2025-68352",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68352"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: ch341: fix out-of-bounds memory access in ch341_transfer_one\n\nDiscovered by Atuin - Automated Vulnerability Discovery Engine.\n\nThe \u0027len\u0027 variable is calculated as \u0027min(32, trans-\u003elen + 1)\u0027,\nwhich includes the 1-byte command header.\n\nWhen copying data from \u0027trans-\u003etx_buf\u0027 to \u0027ch341-\u003etx_buf + 1\u0027, using \u0027len\u0027\nas the length is incorrect because:\n\n1. It causes an out-of-bounds read from \u0027trans-\u003etx_buf\u0027 (which has size\n \u0027trans-\u003elen\u0027, i.e., \u0027len - 1\u0027 in this context).\n2. It can cause an out-of-bounds write to \u0027ch341-\u003etx_buf\u0027 if \u0027len\u0027 is\n CH341_PACKET_LENGTH (32). Writing 32 bytes to ch341-\u003etx_buf + 1\n overflows the buffer.\n\nFix this by copying \u0027len - 1\u0027 bytes.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68352",
"url": "https://www.suse.com/security/cve/CVE-2025-68352"
},
{
"category": "external",
"summary": "SUSE Bug 1255541 for CVE-2025-68352",
"url": "https://bugzilla.suse.com/1255541"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68352"
},
{
"cve": "CVE-2025-68353",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68353"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: vxlan: prevent NULL deref in vxlan_xmit_one\n\nNeither sock4 nor sock6 pointers are guaranteed to be non-NULL in\nvxlan_xmit_one, e.g. if the iface is brought down. This can lead to the\nfollowing NULL dereference:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000010\n Oops: Oops: 0000 [#1] SMP NOPTI\n RIP: 0010:vxlan_xmit_one+0xbb3/0x1580\n Call Trace:\n vxlan_xmit+0x429/0x610\n dev_hard_start_xmit+0x55/0xa0\n __dev_queue_xmit+0x6d0/0x7f0\n ip_finish_output2+0x24b/0x590\n ip_output+0x63/0x110\n\nMentioned commits changed the code path in vxlan_xmit_one and as a side\neffect the sock4/6 pointer validity checks in vxlan(6)_get_route were\nlost. Fix this by adding back checks.\n\nSince both commits being fixed were released in the same version (v6.7)\nand are strongly related, bundle the fixes in a single commit.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68353",
"url": "https://www.suse.com/security/cve/CVE-2025-68353"
},
{
"category": "external",
"summary": "SUSE Bug 1255533 for CVE-2025-68353",
"url": "https://bugzilla.suse.com/1255533"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68353"
},
{
"cve": "CVE-2025-68354",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68354"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nregulator: core: Protect regulator_supply_alias_list with regulator_list_mutex\n\nregulator_supply_alias_list was accessed without any locking in\nregulator_supply_alias(), regulator_register_supply_alias(), and\nregulator_unregister_supply_alias(). Concurrent registration,\nunregistration and lookups can race, leading to:\n\n1 use-after-free if an alias entry is removed while being read,\n2 duplicate entries when two threads register the same alias,\n3 inconsistent alias mappings observed by consumers.\n\nProtect all traversals, insertions and deletions on\nregulator_supply_alias_list with the existing regulator_list_mutex.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68354",
"url": "https://www.suse.com/security/cve/CVE-2025-68354"
},
{
"category": "external",
"summary": "SUSE Bug 1255553 for CVE-2025-68354",
"url": "https://bugzilla.suse.com/1255553"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68354"
},
{
"cve": "CVE-2025-68355",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68355"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix exclusive map memory leak\n\nWhen excl_prog_hash is 0 and excl_prog_hash_size is non-zero, the map also\nneeds to be freed. Otherwise, the map memory will not be reclaimed, just\nlike the memory leak problem reported by syzbot [1].\n\nsyzbot reported:\nBUG: memory leak\n backtrace (crc 7b9fb9b4):\n map_create+0x322/0x11e0 kernel/bpf/syscall.c:1512\n __sys_bpf+0x3556/0x3610 kernel/bpf/syscall.c:6131",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68355",
"url": "https://www.suse.com/security/cve/CVE-2025-68355"
},
{
"category": "external",
"summary": "SUSE Bug 1255599 for CVE-2025-68355",
"url": "https://bugzilla.suse.com/1255599"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68355"
},
{
"cve": "CVE-2025-68356",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68356"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngfs2: Prevent recursive memory reclaim\n\nFunction new_inode() returns a new inode with inode-\u003ei_mapping-\u003egfp_mask\nset to GFP_HIGHUSER_MOVABLE. This value includes the __GFP_FS flag, so\nallocations in that address space can recurse into filesystem memory\nreclaim. We don\u0027t want that to happen because it can consume a\nsignificant amount of stack memory.\n\nWorse than that is that it can also deadlock: for example, in several\nplaces, gfs2_unstuff_dinode() is called inside filesystem transactions.\nThis calls filemap_grab_folio(), which can allocate a new folio, which\ncan trigger memory reclaim. If memory reclaim recurses into the\nfilesystem and starts another transaction, a deadlock will ensue.\n\nTo fix these kinds of problems, prevent memory reclaim from recursing\ninto filesystem code by making sure that the gfp_mask of inode address\nspaces doesn\u0027t include __GFP_FS.\n\nThe \"meta\" and resource group address spaces were already using GFP_NOFS\nas their gfp_mask (which doesn\u0027t include __GFP_FS). The default value\nof GFP_HIGHUSER_MOVABLE is less restrictive than GFP_NOFS, though. To\navoid being overly limiting, use the default value and only knock off\nthe __GFP_FS flag. I\u0027m not sure if this will actually make a\ndifference, but it also shouldn\u0027t hurt.\n\nThis patch is loosely based on commit ad22c7a043c2 (\"xfs: prevent stack\noverflows from page cache allocation\").\n\nFixes xfstest generic/273.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68356",
"url": "https://www.suse.com/security/cve/CVE-2025-68356"
},
{
"category": "external",
"summary": "SUSE Bug 1255593 for CVE-2025-68356",
"url": "https://bugzilla.suse.com/1255593"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68356"
},
{
"cve": "CVE-2025-68357",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68357"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niomap: allocate s_dio_done_wq for async reads as well\n\nSince commit 222f2c7c6d14 (\"iomap: always run error completions in user\ncontext\"), read error completions are deferred to s_dio_done_wq. This\nmeans the workqueue also needs to be allocated for async reads.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68357",
"url": "https://www.suse.com/security/cve/CVE-2025-68357"
},
{
"category": "external",
"summary": "SUSE Bug 1255525 for CVE-2025-68357",
"url": "https://bugzilla.suse.com/1255525"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68357"
},
{
"cve": "CVE-2025-68358",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68358"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix racy bitfield write in btrfs_clear_space_info_full()\n\nFrom the memory-barriers.txt document regarding memory barrier ordering\nguarantees:\n\n (*) These guarantees do not apply to bitfields, because compilers often\n generate code to modify these using non-atomic read-modify-write\n sequences. Do not attempt to use bitfields to synchronize parallel\n algorithms.\n\n (*) Even in cases where bitfields are protected by locks, all fields\n in a given bitfield must be protected by one lock. If two fields\n in a given bitfield are protected by different locks, the compiler\u0027s\n non-atomic read-modify-write sequences can cause an update to one\n field to corrupt the value of an adjacent field.\n\nbtrfs_space_info has a bitfield sharing an underlying word consisting of\nthe fields full, chunk_alloc, and flush:\n\nstruct btrfs_space_info {\n struct btrfs_fs_info * fs_info; /* 0 8 */\n struct btrfs_space_info * parent; /* 8 8 */\n ...\n int clamp; /* 172 4 */\n unsigned int full:1; /* 176: 0 4 */\n unsigned int chunk_alloc:1; /* 176: 1 4 */\n unsigned int flush:1; /* 176: 2 4 */\n ...\n\nTherefore, to be safe from parallel read-modify-writes losing a write to\none of the bitfield members protected by a lock, all writes to all the\nbitfields must use the lock. They almost universally do, except for\nbtrfs_clear_space_info_full() which iterates over the space_infos and\nwrites out found-\u003efull = 0 without a lock.\n\nImagine that we have one thread completing a transaction in which we\nfinished deleting a block_group and are thus calling\nbtrfs_clear_space_info_full() while simultaneously the data reclaim\nticket infrastructure is running do_async_reclaim_data_space():\n\n T1 T2\nbtrfs_commit_transaction\n btrfs_clear_space_info_full\n data_sinfo-\u003efull = 0\n READ: full:0, chunk_alloc:0, flush:1\n do_async_reclaim_data_space(data_sinfo)\n spin_lock(\u0026space_info-\u003elock);\n if(list_empty(tickets))\n space_info-\u003eflush = 0;\n READ: full: 0, chunk_alloc:0, flush:1\n MOD/WRITE: full: 0, chunk_alloc:0, flush:0\n spin_unlock(\u0026space_info-\u003elock);\n return;\n MOD/WRITE: full:0, chunk_alloc:0, flush:1\n\nand now data_sinfo-\u003eflush is 1 but the reclaim worker has exited. This\nbreaks the invariant that flush is 0 iff there is no work queued or\nrunning. Once this invariant is violated, future allocations that go\ninto __reserve_bytes() will add tickets to space_info-\u003etickets but will\nsee space_info-\u003eflush is set to 1 and not queue the work. After this,\nthey will block forever on the resulting ticket, as it is now impossible\nto kick the worker again.\n\nI also confirmed by looking at the assembly of the affected kernel that\nit is doing RMW operations. For example, to set the flush (3rd) bit to 0,\nthe assembly is:\n andb $0xfb,0x60(%rbx)\nand similarly for setting the full (1st) bit to 0:\n andb $0xfe,-0x20(%rax)\n\nSo I think this is really a bug on practical systems. I have observed\na number of systems in this exact state, but am currently unable to\nreproduce it.\n\nRather than leaving this footgun lying around for the future, take\nadvantage of the fact that there is room in the struct anyway, and that\nit is already quite large and simply change the three bitfield members to\nbools. This avoids writes to space_info-\u003efull having any effect on\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68358",
"url": "https://www.suse.com/security/cve/CVE-2025-68358"
},
{
"category": "external",
"summary": "SUSE Bug 1255531 for CVE-2025-68358",
"url": "https://bugzilla.suse.com/1255531"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68358"
},
{
"cve": "CVE-2025-68359",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68359"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbtrfs: fix double free of qgroup record after failure to add delayed ref head\n\nIn the previous code it was possible to incur into a double kfree()\nscenario when calling add_delayed_ref_head(). This could happen if the\nrecord was reported to already exist in the\nbtrfs_qgroup_trace_extent_nolock() call, but then there was an error\nlater on add_delayed_ref_head(). In this case, since\nadd_delayed_ref_head() returned an error, the caller went to free the\nrecord. Since add_delayed_ref_head() couldn\u0027t set this kfree\u0027d pointer\nto NULL, then kfree() would have acted on a non-NULL \u0027record\u0027 object\nwhich was pointing to memory already freed by the callee.\n\nThe problem comes from the fact that the responsibility to kfree the\nobject is on both the caller and the callee at the same time. Hence, the\nfix for this is to shift the ownership of the \u0027qrecord\u0027 object out of\nthe add_delayed_ref_head(). That is, we will never attempt to kfree()\nthe given object inside of this function, and will expect the caller to\nact on the \u0027qrecord\u0027 object on its own. The only exception where the\n\u0027qrecord\u0027 object cannot be kfree\u0027d is if it was inserted into the\ntracing logic, for which we already have the \u0027qrecord_inserted_ret\u0027\nboolean to account for this. Hence, the caller has to kfree the object\nonly if add_delayed_ref_head() reports not to have inserted it on the\ntracing logic.\n\nAs a side-effect of the above, we must guarantee that\n\u0027qrecord_inserted_ret\u0027 is properly initialized at the start of the\nfunction, not at the end, and then set when an actual insert\nhappens. This way we avoid \u0027qrecord_inserted_ret\u0027 having an invalid\nvalue on an early exit.\n\nThe documentation from the add_delayed_ref_head() has also been updated\nto reflect on the exact ownership of the \u0027qrecord\u0027 object.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68359",
"url": "https://www.suse.com/security/cve/CVE-2025-68359"
},
{
"category": "external",
"summary": "SUSE Bug 1255542 for CVE-2025-68359",
"url": "https://bugzilla.suse.com/1255542"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68359"
},
{
"cve": "CVE-2025-68360",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68360"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: wed: use proper wed reference in mt76 wed driver callabacks\n\nMT7996 driver can use both wed and wed_hif2 devices to offload traffic\nfrom/to the wireless NIC. In the current codebase we assume to always\nuse the primary wed device in wed callbacks resulting in the following\ncrash if the hw runs wed_hif2 (e.g. 6GHz link).\n\n[ 297.455876] Unable to handle kernel read from unreadable memory at virtual address 000000000000080a\n[ 297.464928] Mem abort info:\n[ 297.467722] ESR = 0x0000000096000005\n[ 297.471461] EC = 0x25: DABT (current EL), IL = 32 bits\n[ 297.476766] SET = 0, FnV = 0\n[ 297.479809] EA = 0, S1PTW = 0\n[ 297.482940] FSC = 0x05: level 1 translation fault\n[ 297.487809] Data abort info:\n[ 297.490679] ISV = 0, ISS = 0x00000005, ISS2 = 0x00000000\n[ 297.496156] CM = 0, WnR = 0, TnD = 0, TagAccess = 0\n[ 297.501196] GCS = 0, Overlay = 0, DirtyBit = 0, Xs = 0\n[ 297.506500] user pgtable: 4k pages, 39-bit VAs, pgdp=0000000107480000\n[ 297.512927] [000000000000080a] pgd=08000001097fb003, p4d=08000001097fb003, pud=08000001097fb003, pmd=0000000000000000\n[ 297.523532] Internal error: Oops: 0000000096000005 [#1] SMP\n[ 297.715393] CPU: 2 UID: 0 PID: 45 Comm: kworker/u16:2 Tainted: G O 6.12.50 #0\n[ 297.723908] Tainted: [O]=OOT_MODULE\n[ 297.727384] Hardware name: Banana Pi BPI-R4 (2x SFP+) (DT)\n[ 297.732857] Workqueue: nf_ft_offload_del nf_flow_rule_route_ipv6 [nf_flow_table]\n[ 297.740254] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)\n[ 297.747205] pc : mt76_wed_offload_disable+0x64/0xa0 [mt76]\n[ 297.752688] lr : mtk_wed_flow_remove+0x58/0x80\n[ 297.757126] sp : ffffffc080fe3ae0\n[ 297.760430] x29: ffffffc080fe3ae0 x28: ffffffc080fe3be0 x27: 00000000deadbef7\n[ 297.767557] x26: ffffff80c5ebca00 x25: 0000000000000001 x24: ffffff80c85f4c00\n[ 297.774683] x23: ffffff80c1875b78 x22: ffffffc080d42cd0 x21: ffffffc080660018\n[ 297.781809] x20: ffffff80c6a076d0 x19: ffffff80c6a043c8 x18: 0000000000000000\n[ 297.788935] x17: 0000000000000000 x16: 0000000000000001 x15: 0000000000000000\n[ 297.796060] x14: 0000000000000019 x13: ffffff80c0ad8ec0 x12: 00000000fa83b2da\n[ 297.803185] x11: ffffff80c02700c0 x10: ffffff80c0ad8ec0 x9 : ffffff81fef96200\n[ 297.810311] x8 : ffffff80c02700c0 x7 : ffffff80c02700d0 x6 : 0000000000000002\n[ 297.817435] x5 : 0000000000000400 x4 : 0000000000000000 x3 : 0000000000000000\n[ 297.824561] x2 : 0000000000000001 x1 : 0000000000000800 x0 : ffffff80c6a063c8\n[ 297.831686] Call trace:\n[ 297.834123] mt76_wed_offload_disable+0x64/0xa0 [mt76]\n[ 297.839254] mtk_wed_flow_remove+0x58/0x80\n[ 297.843342] mtk_flow_offload_cmd+0x434/0x574\n[ 297.847689] mtk_wed_setup_tc_block_cb+0x30/0x40\n[ 297.852295] nf_flow_offload_ipv6_hook+0x7f4/0x964 [nf_flow_table]\n[ 297.858466] nf_flow_rule_route_ipv6+0x438/0x4a4 [nf_flow_table]\n[ 297.864463] process_one_work+0x174/0x300\n[ 297.868465] worker_thread+0x278/0x430\n[ 297.872204] kthread+0xd8/0xdc\n[ 297.875251] ret_from_fork+0x10/0x20\n[ 297.878820] Code: 928b5ae0 8b000273 91400a60 f943fa61 (79401421)\n[ 297.884901] ---[ end trace 0000000000000000 ]---\n\nFix the issue detecting the proper wed reference to use running wed\ncallabacks.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68360",
"url": "https://www.suse.com/security/cve/CVE-2025-68360"
},
{
"category": "external",
"summary": "SUSE Bug 1255536 for CVE-2025-68360",
"url": "https://bugzilla.suse.com/1255536"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68360"
},
{
"cve": "CVE-2025-68361",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68361"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nerofs: limit the level of fs stacking for file-backed mounts\n\nOtherwise, it could cause potential kernel stack overflow (e.g., EROFS\nmounting itself).",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68361",
"url": "https://www.suse.com/security/cve/CVE-2025-68361"
},
{
"category": "external",
"summary": "SUSE Bug 1255526 for CVE-2025-68361",
"url": "https://bugzilla.suse.com/1255526"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68361"
},
{
"cve": "CVE-2025-68362",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68362"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187_rx_cb()\n\nThe rtl8187_rx_cb() calculates the rx descriptor header address\nby subtracting its size from the skb tail pointer.\nHowever, it does not validate if the received packet\n(skb-\u003elen from urb-\u003eactual_length) is large enough to contain this\nheader.\n\nIf a truncated packet is received, this will lead to a buffer\nunderflow, reading memory before the start of the skb data area,\nand causing a kernel panic.\n\nAdd length checks for both rtl8187 and rtl8187b descriptor headers\nbefore attempting to access them, dropping the packet cleanly if the\ncheck fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68362",
"url": "https://www.suse.com/security/cve/CVE-2025-68362"
},
{
"category": "external",
"summary": "SUSE Bug 1255611 for CVE-2025-68362",
"url": "https://bugzilla.suse.com/1255611"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68362"
},
{
"cve": "CVE-2025-68363",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68363"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Check skb-\u003etransport_header is set in bpf_skb_check_mtu\n\nThe bpf_skb_check_mtu helper needs to use skb-\u003etransport_header when\nthe BPF_MTU_CHK_SEGS flag is used:\n\n\tbpf_skb_check_mtu(skb, ifindex, \u0026mtu_len, 0, BPF_MTU_CHK_SEGS)\n\nThe transport_header is not always set. There is a WARN_ON_ONCE\nreport when CONFIG_DEBUG_NET is enabled + skb-\u003egso_size is set +\nbpf_prog_test_run is used:\n\nWARNING: CPU: 1 PID: 2216 at ./include/linux/skbuff.h:3071\n skb_gso_validate_network_len\n bpf_skb_check_mtu\n bpf_prog_3920e25740a41171_tc_chk_segs_flag # A test in the next patch\n bpf_test_run\n bpf_prog_test_run_skb\n\nFor a normal ingress skb (not test_run), skb_reset_transport_header\nis performed but there is plan to avoid setting it as described in\ncommit 2170a1f09148 (\"net: no longer reset transport_header in __netif_receive_skb_core()\").\n\nThis patch fixes the bpf helper by checking\nskb_transport_header_was_set(). The check is done just before\nskb-\u003etransport_header is used, to avoid breaking the existing bpf prog.\nThe WARN_ON_ONCE is limited to bpf_prog_test_run, so targeting bpf-next.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68363",
"url": "https://www.suse.com/security/cve/CVE-2025-68363"
},
{
"category": "external",
"summary": "SUSE Bug 1255552 for CVE-2025-68363",
"url": "https://bugzilla.suse.com/1255552"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68363"
},
{
"cve": "CVE-2025-68364",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68364"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nocfs2: relax BUG() to ocfs2_error() in __ocfs2_move_extent()\n\nIn \u0027__ocfs2_move_extent()\u0027, relax \u0027BUG()\u0027 to \u0027ocfs2_error()\u0027 just\nto avoid crashing the whole kernel due to a filesystem corruption.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68364",
"url": "https://www.suse.com/security/cve/CVE-2025-68364"
},
{
"category": "external",
"summary": "SUSE Bug 1255556 for CVE-2025-68364",
"url": "https://bugzilla.suse.com/1255556"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68364"
},
{
"cve": "CVE-2025-68365",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68365"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nfs/ntfs3: Initialize allocated memory before use\n\nKMSAN reports: Multiple uninitialized values detected:\n\n- KMSAN: uninit-value in ntfs_read_hdr (3)\n- KMSAN: uninit-value in bcmp (3)\n\nMemory is allocated by __getname(), which is a wrapper for\nkmem_cache_alloc(). This memory is used before being properly\ncleared. Change kmem_cache_alloc() to kmem_cache_zalloc() to\nproperly allocate and clear memory before use.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68365",
"url": "https://www.suse.com/security/cve/CVE-2025-68365"
},
{
"category": "external",
"summary": "SUSE Bug 1255548 for CVE-2025-68365",
"url": "https://bugzilla.suse.com/1255548"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68365"
},
{
"cve": "CVE-2025-68366",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68366"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: defer config unlock in nbd_genl_connect\n\nThere is one use-after-free warning when running NBD_CMD_CONNECT and\nNBD_CLEAR_SOCK:\n\nnbd_genl_connect\n nbd_alloc_and_init_config // config_refs=1\n nbd_start_device // config_refs=2\n set NBD_RT_HAS_CONFIG_REF\t\t\topen nbd // config_refs=3\n recv_work done // config_refs=2\n\t\t\t\t\t\tNBD_CLEAR_SOCK // config_refs=1\n\t\t\t\t\t\tclose nbd // config_refs=0\n refcount_inc -\u003e uaf\n\n------------[ cut here ]------------\nrefcount_t: addition on 0; use-after-free.\nWARNING: CPU: 24 PID: 1014 at lib/refcount.c:25 refcount_warn_saturate+0x12e/0x290\n nbd_genl_connect+0x16d0/0x1ab0\n genl_family_rcv_msg_doit+0x1f3/0x310\n genl_rcv_msg+0x44a/0x790\n\nThe issue can be easily reproduced by adding a small delay before\nrefcount_inc(\u0026nbd-\u003econfig_refs) in nbd_genl_connect():\n\n mutex_unlock(\u0026nbd-\u003econfig_lock);\n if (!ret) {\n set_bit(NBD_RT_HAS_CONFIG_REF, \u0026config-\u003eruntime_flags);\n+ printk(\"before sleep\\n\");\n+ mdelay(5 * 1000);\n+ printk(\"after sleep\\n\");\n refcount_inc(\u0026nbd-\u003econfig_refs);\n nbd_connect_reply(info, nbd-\u003eindex);\n }",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68366",
"url": "https://www.suse.com/security/cve/CVE-2025-68366"
},
{
"category": "external",
"summary": "SUSE Bug 1255622 for CVE-2025-68366",
"url": "https://bugzilla.suse.com/1255622"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68366"
},
{
"cve": "CVE-2025-68367",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68367"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmacintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse\n\nThe following warning appears when running syzkaller, and this issue also\nexists in the mainline code.\n\n ------------[ cut here ]------------\n list_add double add: new=ffffffffa57eee28, prev=ffffffffa57eee28, next=ffffffffa5e63100.\n WARNING: CPU: 0 PID: 1491 at lib/list_debug.c:35 __list_add_valid_or_report+0xf7/0x130\n Modules linked in:\n CPU: 0 PID: 1491 Comm: syz.1.28 Not tainted 6.6.0+ #3\n Hardware name: QEMU Standard PC (i440FX + PIIX, 1996), BIOS rel-1.16.0-0-gd239552ce722-prebuilt.qemu.org 04/01/2014\n RIP: 0010:__list_add_valid_or_report+0xf7/0x130\n RSP: 0018:ff1100010dfb7b78 EFLAGS: 00010282\n RAX: 0000000000000000 RBX: ffffffffa57eee18 RCX: ffffffff97fc9817\n RDX: 0000000000040000 RSI: ffa0000002383000 RDI: 0000000000000001\n RBP: ffffffffa57eee28 R08: 0000000000000001 R09: ffe21c0021bf6f2c\n R10: 0000000000000001 R11: 6464615f7473696c R12: ffffffffa5e63100\n R13: ffffffffa57eee28 R14: ffffffffa57eee28 R15: ff1100010dfb7d48\n FS: 00007fb14398b640(0000) GS:ff11000119600000(0000) knlGS:0000000000000000\n CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033\n CR2: 0000000000000000 CR3: 000000010d096005 CR4: 0000000000773ef0\n DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000\n DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400\n PKRU: 80000000\n Call Trace:\n \u003cTASK\u003e\n input_register_handler+0xb3/0x210\n mac_hid_start_emulation+0x1c5/0x290\n mac_hid_toggle_emumouse+0x20a/0x240\n proc_sys_call_handler+0x4c2/0x6e0\n new_sync_write+0x1b1/0x2d0\n vfs_write+0x709/0x950\n ksys_write+0x12a/0x250\n do_syscall_64+0x5a/0x110\n entry_SYSCALL_64_after_hwframe+0x78/0xe2\n\nThe WARNING occurs when two processes concurrently write to the mac-hid\nemulation sysctl, causing a race condition in mac_hid_toggle_emumouse().\nBoth processes read old_val=0, then both try to register the input handler,\nleading to a double list_add of the same handler.\n\n CPU0 CPU1\n ------------------------- -------------------------\n vfs_write() //write 1 vfs_write() //write 1\n proc_sys_write() proc_sys_write()\n mac_hid_toggle_emumouse() mac_hid_toggle_emumouse()\n old_val = *valp // old_val=0\n old_val = *valp // old_val=0\n mutex_lock_killable()\n proc_dointvec() // *valp=1\n mac_hid_start_emulation()\n input_register_handler()\n mutex_unlock()\n mutex_lock_killable()\n proc_dointvec()\n mac_hid_start_emulation()\n input_register_handler() //Trigger Warning\n mutex_unlock()\n\nFix this by moving the old_val read inside the mutex lock region.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68367",
"url": "https://www.suse.com/security/cve/CVE-2025-68367"
},
{
"category": "external",
"summary": "SUSE Bug 1255547 for CVE-2025-68367",
"url": "https://bugzilla.suse.com/1255547"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68367"
},
{
"cve": "CVE-2025-68368",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68368"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: init bioset in mddev_init\n\nIO operations may be needed before md_run(), such as updating metadata\nafter writing sysfs. Without bioset, this triggers a NULL pointer\ndereference as below:\n\n BUG: kernel NULL pointer dereference, address: 0000000000000020\n Call Trace:\n md_update_sb+0x658/0xe00\n new_level_store+0xc5/0x120\n md_attr_store+0xc9/0x1e0\n sysfs_kf_write+0x6f/0xa0\n kernfs_fop_write_iter+0x141/0x2a0\n vfs_write+0x1fc/0x5a0\n ksys_write+0x79/0x180\n __x64_sys_write+0x1d/0x30\n x64_sys_call+0x2818/0x2880\n do_syscall_64+0xa9/0x580\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nReproducer\n```\n mdadm -CR /dev/md0 -l1 -n2 /dev/sd[cd]\n echo inactive \u003e /sys/block/md0/md/array_state\n echo 10 \u003e /sys/block/md0/md/new_level\n```\n\nmddev_init() can only be called once per mddev, no need to test if bioset\nhas been initialized anymore.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68368",
"url": "https://www.suse.com/security/cve/CVE-2025-68368"
},
{
"category": "external",
"summary": "SUSE Bug 1255527 for CVE-2025-68368",
"url": "https://bugzilla.suse.com/1255527"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68368"
},
{
"cve": "CVE-2025-68369",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68369"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: init run lock for extend inode\n\nAfter setting the inode mode of $Extend to a regular file, executing the\ntruncate system call will enter the do_truncate() routine, causing the\nrun_lock uninitialized error reported by syzbot.\n\nPrior to patch 4e8011ffec79, if the inode mode of $Extend was not set to\na regular file, the do_truncate() routine would not be entered.\n\nAdd the run_lock initialization when loading $Extend.\n\nsyzbot reported:\nINFO: trying to register non-static key.\nCall Trace:\n dump_stack_lvl+0x189/0x250 lib/dump_stack.c:120\n assign_lock_key+0x133/0x150 kernel/locking/lockdep.c:984\n register_lock_class+0x105/0x320 kernel/locking/lockdep.c:1299\n __lock_acquire+0x99/0xd20 kernel/locking/lockdep.c:5112\n lock_acquire+0x120/0x360 kernel/locking/lockdep.c:5868\n down_write+0x96/0x1f0 kernel/locking/rwsem.c:1590\n ntfs_set_size+0x140/0x200 fs/ntfs3/inode.c:860\n ntfs_extend+0x1d9/0x970 fs/ntfs3/file.c:387\n ntfs_setattr+0x2e8/0xbe0 fs/ntfs3/file.c:808",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68369",
"url": "https://www.suse.com/security/cve/CVE-2025-68369"
},
{
"category": "external",
"summary": "SUSE Bug 1255535 for CVE-2025-68369",
"url": "https://bugzilla.suse.com/1255535"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68369"
},
{
"cve": "CVE-2025-68370",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68370"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: tmc: add the handle of the event to the path\n\nThe handle is essential for retrieving the AUX_EVENT of each CPU and is\nrequired in perf mode. It has been added to the coresight_path so that\ndependent devices can access it from the path when needed.\n\nThe existing bug can be reproduced with:\nperf record -e cs_etm//k -C 0-9 dd if=/dev/zero of=/dev/null\n\nShowing an oops as follows:\nUnable to handle kernel paging request at virtual address 000f6e84934ed19e\n\nCall trace:\n tmc_etr_get_buffer+0x30/0x80 [coresight_tmc] (P)\n catu_enable_hw+0xbc/0x3d0 [coresight_catu]\n catu_enable+0x70/0xe0 [coresight_catu]\n coresight_enable_path+0xb0/0x258 [coresight]",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68370",
"url": "https://www.suse.com/security/cve/CVE-2025-68370"
},
{
"category": "external",
"summary": "SUSE Bug 1255534 for CVE-2025-68370",
"url": "https://bugzilla.suse.com/1255534"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68370"
},
{
"cve": "CVE-2025-68371",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68371"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: smartpqi: Fix device resources accessed after device removal\n\nCorrect possible race conditions during device removal.\n\nPreviously, a scheduled work item to reset a LUN could still execute\nafter the device was removed, leading to use-after-free and other\nresource access issues.\n\nThis race condition occurs because the abort handler may schedule a LUN\nreset concurrently with device removal via sdev_destroy(), leading to\nuse-after-free and improper access to freed resources.\n\n - Check in the device reset handler if the device is still present in\n the controller\u0027s SCSI device list before running; if not, the reset\n is skipped.\n\n - Cancel any pending TMF work that has not started in sdev_destroy().\n\n - Ensure device freeing in sdev_destroy() is done while holding the\n LUN reset mutex to avoid races with ongoing resets.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68371",
"url": "https://www.suse.com/security/cve/CVE-2025-68371"
},
{
"category": "external",
"summary": "SUSE Bug 1255572 for CVE-2025-68371",
"url": "https://bugzilla.suse.com/1255572"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68371"
},
{
"cve": "CVE-2025-68372",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68372"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnbd: defer config put in recv_work\n\nThere is one uaf issue in recv_work when running NBD_CLEAR_SOCK and\nNBD_CMD_RECONFIGURE:\n nbd_genl_connect // conf_ref=2 (connect and recv_work A)\n nbd_open\t // conf_ref=3\n recv_work A done // conf_ref=2\n NBD_CLEAR_SOCK // conf_ref=1\n nbd_genl_reconfigure // conf_ref=2 (trigger recv_work B)\n close nbd\t // conf_ref=1\n recv_work B\n config_put // conf_ref=0\n atomic_dec(\u0026config-\u003erecv_threads); -\u003e UAF\n\nOr only running NBD_CLEAR_SOCK:\n nbd_genl_connect // conf_ref=2\n nbd_open \t // conf_ref=3\n NBD_CLEAR_SOCK // conf_ref=2\n close nbd\n nbd_release\n config_put // conf_ref=1\n recv_work\n config_put \t // conf_ref=0\n atomic_dec(\u0026config-\u003erecv_threads); -\u003e UAF\n\nCommit 87aac3a80af5 (\"nbd: call nbd_config_put() before notifying the\nwaiter\") moved nbd_config_put() to run before waking up the waiter in\nrecv_work, in order to ensure that nbd_start_device_ioctl() would not\nbe woken up while nbd-\u003etask_recv was still uncleared.\n\nHowever, in nbd_start_device_ioctl(), after being woken up it explicitly\ncalls flush_workqueue() to make sure all current works are finished.\nTherefore, there is no need to move the config put ahead of the wakeup.\n\nMove nbd_config_put() to the end of recv_work, so that the reference is\nheld for the whole lifetime of the worker thread. This makes sure the\nconfig cannot be freed while recv_work is still running, even if clear\n+ reconfigure interleave.\n\nIn addition, we don\u0027t need to worry about recv_work dropping the last\nnbd_put (which causes deadlock):\n\npath A (netlink with NBD_CFLAG_DESTROY_ON_DISCONNECT):\n connect // nbd_refs=1 (trigger recv_work)\n open nbd // nbd_refs=2\n NBD_CLEAR_SOCK\n close nbd\n nbd_release\n nbd_disconnect_and_put\n flush_workqueue // recv_work done\n nbd_config_put\n nbd_put // nbd_refs=1\n nbd_put // nbd_refs=0\n queue_work\n\npath B (netlink without NBD_CFLAG_DESTROY_ON_DISCONNECT):\n connect // nbd_refs=2 (trigger recv_work)\n open nbd // nbd_refs=3\n NBD_CLEAR_SOCK // conf_refs=2\n close nbd\n nbd_release\n nbd_config_put // conf_refs=1\n nbd_put // nbd_refs=2\n recv_work done // conf_refs=0, nbd_refs=1\n rmmod // nbd_refs=0\n\nDepends-on: e2daec488c57 (\"nbd: Fix hungtask when nbd_config_put\")",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68372",
"url": "https://www.suse.com/security/cve/CVE-2025-68372"
},
{
"category": "external",
"summary": "SUSE Bug 1255537 for CVE-2025-68372",
"url": "https://bugzilla.suse.com/1255537"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68372"
},
{
"cve": "CVE-2025-68373",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68373"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: avoid repeated calls to del_gendisk\n\nThere is a uaf problem which is found by case 23rdev-lifetime:\n\nOops: general protection fault, probably for non-canonical address 0xdead000000000122\nRIP: 0010:bdi_unregister+0x4b/0x170\nCall Trace:\n \u003cTASK\u003e\n __del_gendisk+0x356/0x3e0\n mddev_unlock+0x351/0x360\n rdev_attr_store+0x217/0x280\n kernfs_fop_write_iter+0x14a/0x210\n vfs_write+0x29e/0x550\n ksys_write+0x74/0xf0\n do_syscall_64+0xbb/0x380\n entry_SYSCALL_64_after_hwframe+0x77/0x7f\nRIP: 0033:0x7ff5250a177e\n\nThe sequence is:\n1. rdev remove path gets reconfig_mutex\n2. rdev remove path release reconfig_mutex in mddev_unlock\n3. md stop calls do_md_stop and sets MD_DELETED\n4. rdev remove path calls del_gendisk because MD_DELETED is set\n5. md stop path release reconfig_mutex and calls del_gendisk again\n\nSo there is a race condition we should resolve. This patch adds a\nflag MD_DO_DELETE to avoid the race condition.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68373",
"url": "https://www.suse.com/security/cve/CVE-2025-68373"
},
{
"category": "external",
"summary": "SUSE Bug 1255610 for CVE-2025-68373",
"url": "https://bugzilla.suse.com/1255610"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68373"
},
{
"cve": "CVE-2025-68374",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68374"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmd: fix rcu protection in md_wakeup_thread\n\nWe attempted to use RCU to protect the pointer \u0027thread\u0027, but directly\npassed the value when calling md_wakeup_thread(). This means that the\nRCU pointer has been acquired before rcu_read_lock(), which renders\nrcu_read_lock() ineffective and could lead to a use-after-free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68374",
"url": "https://www.suse.com/security/cve/CVE-2025-68374"
},
{
"category": "external",
"summary": "SUSE Bug 1255530 for CVE-2025-68374",
"url": "https://bugzilla.suse.com/1255530"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68374"
},
{
"cve": "CVE-2025-68375",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68375"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nperf/x86: Fix NULL event access and potential PEBS record loss\n\nWhen intel_pmu_drain_pebs_icl() is called to drain PEBS records, the\nperf_event_overflow() could be called to process the last PEBS record.\n\nWhile perf_event_overflow() could trigger the interrupt throttle and\nstop all events of the group, like what the below call-chain shows.\n\nperf_event_overflow()\n -\u003e __perf_event_overflow()\n -\u003e__perf_event_account_interrupt()\n -\u003e perf_event_throttle_group()\n -\u003e perf_event_throttle()\n -\u003e event-\u003epmu-\u003estop()\n -\u003e x86_pmu_stop()\n\nThe side effect of stopping the events is that all corresponding event\npointers in cpuc-\u003eevents[] array are cleared to NULL.\n\nAssume there are two PEBS events (event a and event b) in a group. When\nintel_pmu_drain_pebs_icl() calls perf_event_overflow() to process the\nlast PEBS record of PEBS event a, interrupt throttle is triggered and\nall pointers of event a and event b are cleared to NULL. Then\nintel_pmu_drain_pebs_icl() tries to process the last PEBS record of\nevent b and encounters NULL pointer access.\n\nTo avoid this issue, move cpuc-\u003eevents[] clearing from x86_pmu_stop()\nto x86_pmu_del(). It\u0027s safe since cpuc-\u003eactive_mask or\ncpuc-\u003epebs_enabled is always checked before access the event pointer\nfrom cpuc-\u003eevents[].",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68375",
"url": "https://www.suse.com/security/cve/CVE-2025-68375"
},
{
"category": "external",
"summary": "SUSE Bug 1255575 for CVE-2025-68375",
"url": "https://bugzilla.suse.com/1255575"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68375"
},
{
"cve": "CVE-2025-68376",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68376"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncoresight: ETR: Fix ETR buffer use-after-free issue\n\nWhen ETR is enabled as CS_MODE_SYSFS, if the buffer size is changed\nand enabled again, currently sysfs_buf will point to the newly\nallocated memory(buf_new) and free the old memory(buf_old). But the\netr_buf that is being used by the ETR remains pointed to buf_old, not\nupdated to buf_new. In this case, it will result in a memory\nuse-after-free issue.\n\nFix this by checking ETR\u0027s mode before updating and releasing buf_old,\nif the mode is CS_MODE_SYSFS, then skip updating and releasing it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68376",
"url": "https://www.suse.com/security/cve/CVE-2025-68376"
},
{
"category": "external",
"summary": "SUSE Bug 1255529 for CVE-2025-68376",
"url": "https://bugzilla.suse.com/1255529"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68376"
},
{
"cve": "CVE-2025-68377",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68377"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nns: initialize ns_list_node for initial namespaces\n\nMake sure that the list is always initialized for initial namespaces.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68377",
"url": "https://www.suse.com/security/cve/CVE-2025-68377"
},
{
"category": "external",
"summary": "SUSE Bug 1255592 for CVE-2025-68377",
"url": "https://bugzilla.suse.com/1255592"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68377"
},
{
"cve": "CVE-2025-68378",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68378"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix stackmap overflow check in __bpf_get_stackid()\n\nSyzkaller reported a KASAN slab-out-of-bounds write in __bpf_get_stackid()\nwhen copying stack trace data. The issue occurs when the perf trace\n contains more stack entries than the stack map bucket can hold,\n leading to an out-of-bounds write in the bucket\u0027s data array.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68378",
"url": "https://www.suse.com/security/cve/CVE-2025-68378"
},
{
"category": "external",
"summary": "SUSE Bug 1255614 for CVE-2025-68378",
"url": "https://bugzilla.suse.com/1255614"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68378"
},
{
"cve": "CVE-2025-68379",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68379"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nRDMA/rxe: Fix null deref on srq-\u003erq.queue after resize failure\n\nA NULL pointer dereference can occur in rxe_srq_chk_attr() when\nibv_modify_srq() is invoked twice in succession under certain error\nconditions. The first call may fail in rxe_queue_resize(), which leads\nrxe_srq_from_attr() to set srq-\u003erq.queue = NULL. The second call then\ntriggers a crash (null deref) when accessing\nsrq-\u003erq.queue-\u003ebuf-\u003eindex_mask.\n\nCall Trace:\n\u003cTASK\u003e\nrxe_modify_srq+0x170/0x480 [rdma_rxe]\n? __pfx_rxe_modify_srq+0x10/0x10 [rdma_rxe]\n? uverbs_try_lock_object+0x4f/0xa0 [ib_uverbs]\n? rdma_lookup_get_uobject+0x1f0/0x380 [ib_uverbs]\nib_uverbs_modify_srq+0x204/0x290 [ib_uverbs]\n? __pfx_ib_uverbs_modify_srq+0x10/0x10 [ib_uverbs]\n? tryinc_node_nr_active+0xe6/0x150\n? uverbs_fill_udata+0xed/0x4f0 [ib_uverbs]\nib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x2c0/0x470 [ib_uverbs]\n? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\n? uverbs_fill_udata+0xed/0x4f0 [ib_uverbs]\nib_uverbs_run_method+0x55a/0x6e0 [ib_uverbs]\n? __pfx_ib_uverbs_handler_UVERBS_METHOD_INVOKE_WRITE+0x10/0x10 [ib_uverbs]\nib_uverbs_cmd_verbs+0x54d/0x800 [ib_uverbs]\n? __pfx_ib_uverbs_cmd_verbs+0x10/0x10 [ib_uverbs]\n? __pfx___raw_spin_lock_irqsave+0x10/0x10\n? __pfx_do_vfs_ioctl+0x10/0x10\n? ioctl_has_perm.constprop.0.isra.0+0x2c7/0x4c0\n? __pfx_ioctl_has_perm.constprop.0.isra.0+0x10/0x10\nib_uverbs_ioctl+0x13e/0x220 [ib_uverbs]\n? __pfx_ib_uverbs_ioctl+0x10/0x10 [ib_uverbs]\n__x64_sys_ioctl+0x138/0x1c0\ndo_syscall_64+0x82/0x250\n? fdget_pos+0x58/0x4c0\n? ksys_write+0xf3/0x1c0\n? __pfx_ksys_write+0x10/0x10\n? do_syscall_64+0xc8/0x250\n? __pfx_vm_mmap_pgoff+0x10/0x10\n? fget+0x173/0x230\n? fput+0x2a/0x80\n? ksys_mmap_pgoff+0x224/0x4c0\n? do_syscall_64+0xc8/0x250\n? do_user_addr_fault+0x37b/0xfe0\n? clear_bhb_loop+0x50/0xa0\n? clear_bhb_loop+0x50/0xa0\n? clear_bhb_loop+0x50/0xa0\nentry_SYSCALL_64_after_hwframe+0x76/0x7e",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68379",
"url": "https://www.suse.com/security/cve/CVE-2025-68379"
},
{
"category": "external",
"summary": "SUSE Bug 1255695 for CVE-2025-68379",
"url": "https://bugzilla.suse.com/1255695"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68379"
},
{
"cve": "CVE-2025-68380",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68380"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath11k: fix peer HE MCS assignment\n\nIn ath11k_wmi_send_peer_assoc_cmd(), peer\u0027s transmit MCS is sent to\nfirmware as receive MCS while peer\u0027s receive MCS sent as transmit MCS,\nwhich goes against firmwire\u0027s definition.\n\nWhile connecting to a misbehaved AP that advertises 0xffff (meaning not\nsupported) for 160 MHz transmit MCS map, firmware crashes due to 0xffff\nis assigned to he_mcs-\u003erx_mcs_set field.\n\n\tExt Tag: HE Capabilities\n\t [...]\n\t Supported HE-MCS and NSS Set\n\t\t[...]\n\t Rx and Tx MCS Maps 160 MHz\n\t\t [...]\n\t Tx HE-MCS Map 160 MHz: 0xffff\n\nSwap the assignment to fix this issue.\n\nAs the HE rate control mask is meant to limit our own transmit MCS, it\nneeds to go via he_mcs-\u003erx_mcs_set field. With the aforementioned swapping\ndone, change is needed as well to apply it to the peer\u0027s receive MCS.\n\nTested-on: WCN6855 hw2.1 PCI WLAN.HSP.1.1-03125-QCAHSPSWPL_V1_V2_SILICONZ_LITE-3.6510.41\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68380",
"url": "https://www.suse.com/security/cve/CVE-2025-68380"
},
{
"category": "external",
"summary": "SUSE Bug 1255580 for CVE-2025-68380",
"url": "https://bugzilla.suse.com/1255580"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68380"
},
{
"cve": "CVE-2025-68724",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68724"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id\n\nUse check_add_overflow() to guard against potential integer overflows\nwhen adding the binary blob lengths and the size of an asymmetric_key_id\nstructure and return ERR_PTR(-EOVERFLOW) accordingly. This prevents a\npossible buffer overflow when copying data from potentially malicious\nX.509 certificate fields that can be arbitrarily large, such as ASN.1\nINTEGER serial numbers, issuer names, etc.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68724",
"url": "https://www.suse.com/security/cve/CVE-2025-68724"
},
{
"category": "external",
"summary": "SUSE Bug 1255550 for CVE-2025-68724",
"url": "https://bugzilla.suse.com/1255550"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68724"
},
{
"cve": "CVE-2025-68725",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68725"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Do not let BPF test infra emit invalid GSO types to stack\n\nYinhao et al. reported that their fuzzer tool was able to trigger a\nskb_warn_bad_offload() from netif_skb_features() -\u003e gso_features_check().\nWhen a BPF program - triggered via BPF test infra - pushes the packet\nto the loopback device via bpf_clone_redirect() then mentioned offload\nwarning can be seen. GSO-related features are then rightfully disabled.\n\nWe get into this situation due to convert___skb_to_skb() setting\ngso_segs and gso_size but not gso_type. Technically, it makes sense\nthat this warning triggers since the GSO properties are malformed due\nto the gso_type. Potentially, the gso_type could be marked non-trustworthy\nthrough setting it at least to SKB_GSO_DODGY without any other specific\nassumptions, but that also feels wrong given we should not go further\ninto the GSO engine in the first place.\n\nThe checks were added in 121d57af308d (\"gso: validate gso_type in GSO\nhandlers\") because there were malicious (syzbot) senders that combine\na protocol with a non-matching gso_type. If we would want to drop such\npackets, gso_features_check() currently only returns feature flags via\nnetif_skb_features(), so one location for potentially dropping such skbs\ncould be validate_xmit_unreadable_skb(), but then otoh it would be\nan additional check in the fast-path for a very corner case. Given\nbpf_clone_redirect() is the only place where BPF test infra could emit\nsuch packets, lets reject them right there.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68725",
"url": "https://www.suse.com/security/cve/CVE-2025-68725"
},
{
"category": "external",
"summary": "SUSE Bug 1255569 for CVE-2025-68725",
"url": "https://bugzilla.suse.com/1255569"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68725"
},
{
"cve": "CVE-2025-68726",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68726"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: aead - Fix reqsize handling\n\nCommit afddce13ce81d (\"crypto: api - Add reqsize to crypto_alg\")\nintroduced cra_reqsize field in crypto_alg struct to replace type\nspecific reqsize fields. It looks like this was introduced specifically\nfor ahash and acomp from the commit description as subsequent commits\nadd necessary changes in these alg frameworks.\n\nHowever, this is being recommended for use in all crypto algs\ninstead of setting reqsize using crypto_*_set_reqsize(). Using\ncra_reqsize in aead algorithms, hence, causes memory corruptions and\ncrashes as the underlying functions in the algorithm framework have not\nbeen updated to set the reqsize properly from cra_reqsize. [1]\n\nAdd proper set_reqsize calls in the aead init function to properly\ninitialize reqsize for these algorithms in the framework.\n\n[1]: https://gist.github.com/Pratham-T/24247446f1faf4b7843e4014d5089f6b",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68726",
"url": "https://www.suse.com/security/cve/CVE-2025-68726"
},
{
"category": "external",
"summary": "SUSE Bug 1255598 for CVE-2025-68726",
"url": "https://bugzilla.suse.com/1255598"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68726"
},
{
"cve": "CVE-2025-68727",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68727"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: Fix uninit buffer allocated by __getname()\n\nFix uninit errors caused after buffer allocation given to \u0027de\u0027; by\ninitializing the buffer with zeroes. The fix was found by using KMSAN.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68727",
"url": "https://www.suse.com/security/cve/CVE-2025-68727"
},
{
"category": "external",
"summary": "SUSE Bug 1255568 for CVE-2025-68727",
"url": "https://bugzilla.suse.com/1255568"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68727"
},
{
"cve": "CVE-2025-68728",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68728"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nntfs3: fix uninit memory after failed mi_read in mi_format_new\n\nFix a KMSAN un-init bug found by syzkaller.\n\nntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be\nuptodate. We do not bring the buffer uptodate before setting it as\nuptodate. If the buffer were to not be uptodate, it could mean adding a\nbuffer with un-init data to the mi record. Attempting to load that record\nwill trigger KMSAN.\n\nAvoid this by setting the buffer as uptodate, if it\u0027s not already, by\noverwriting it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68728",
"url": "https://www.suse.com/security/cve/CVE-2025-68728"
},
{
"category": "external",
"summary": "SUSE Bug 1255539 for CVE-2025-68728",
"url": "https://bugzilla.suse.com/1255539"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68728"
},
{
"cve": "CVE-2025-68729",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68729"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: ath12k: Fix MSDU buffer types handling in RX error path\n\nCurrently, packets received on the REO exception ring from\nunassociated peers are of MSDU buffer type, while the driver expects\nlink descriptor type packets. These packets are not parsed further due\nto a return check on packet type in ath12k_hal_desc_reo_parse_err(),\nbut the associated skb is not freed. This may lead to kernel\ncrashes and buffer leaks.\n\nHence to fix, update the RX error handler to explicitly drop\nMSDU buffer type packets received on the REO exception ring.\nThis prevents further processing of invalid packets and ensures\nstability in the RX error handling path.\n\nTested-on: QCN9274 hw2.0 PCI WLAN.WBE.1.4.1-00199-QCAHKSWPL_SILICONZ-1",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68729",
"url": "https://www.suse.com/security/cve/CVE-2025-68729"
},
{
"category": "external",
"summary": "SUSE Bug 1255692 for CVE-2025-68729",
"url": "https://bugzilla.suse.com/1255692"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:A/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68729"
},
{
"cve": "CVE-2025-68730",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68730"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix page fault in ivpu_bo_unbind_all_bos_from_context()\n\nDon\u0027t add BO to the vdev-\u003ebo_list in ivpu_gem_create_object().\nWhen failure happens inside drm_gem_shmem_create(), the BO is not\nfully created and ivpu_gem_bo_free() callback will not be called\ncausing a deleted BO to be left on the list.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68730",
"url": "https://www.suse.com/security/cve/CVE-2025-68730"
},
{
"category": "external",
"summary": "SUSE Bug 1255602 for CVE-2025-68730",
"url": "https://bugzilla.suse.com/1255602"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68730"
},
{
"cve": "CVE-2025-68731",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68731"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/amdxdna: Fix an integer overflow in aie2_query_ctx_status_array()\n\nThe unpublished smatch static checker reported a warning.\n\ndrivers/accel/amdxdna/aie2_pci.c:904 aie2_query_ctx_status_array()\nwarn: potential user controlled sizeof overflow\n\u0027args-\u003enum_element * args-\u003eelement_size\u0027 \u00271-u32max(user) * 1-u32max(user)\u0027\n\nEven this will not cause a real issue, it is better to put a reasonable\nlimitation for element_size and num_element. Add condition to make sure\nthe input element_size \u003c= 4K and num_element \u003c= 1K.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68731",
"url": "https://www.suse.com/security/cve/CVE-2025-68731"
},
{
"category": "external",
"summary": "SUSE Bug 1255696 for CVE-2025-68731",
"url": "https://bugzilla.suse.com/1255696"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-68731"
},
{
"cve": "CVE-2025-68732",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68732"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ngpu: host1x: Fix race in syncpt alloc/free\n\nFix race condition between host1x_syncpt_alloc()\nand host1x_syncpt_put() by using kref_put_mutex()\ninstead of kref_put() + manual mutex locking.\n\nThis ensures no thread can acquire the\nsyncpt_mutex after the refcount drops to zero\nbut before syncpt_release acquires it.\nThis prevents races where syncpoints could\nbe allocated while still being cleaned up\nfrom a previous release.\n\nRemove explicit mutex locking in syncpt_release\nas kref_put_mutex() handles this atomically.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68732",
"url": "https://www.suse.com/security/cve/CVE-2025-68732"
},
{
"category": "external",
"summary": "SUSE Bug 1255688 for CVE-2025-68732",
"url": "https://bugzilla.suse.com/1255688"
},
{
"category": "external",
"summary": "SUSE Bug 1255689 for CVE-2025-68732",
"url": "https://bugzilla.suse.com/1255689"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68732"
},
{
"cve": "CVE-2025-68733",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68733"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nsmack: fix bug: unprivileged task can create labels\n\nIf an unprivileged task is allowed to relabel itself\n(/smack/relabel-self is not empty),\nit can freely create new labels by writing their\nnames into own /proc/PID/attr/smack/current\n\nThis occurs because do_setattr() imports\nthe provided label in advance,\nbefore checking \"relabel-self\" list.\n\nThis change ensures that the \"relabel-self\" list\nis checked before importing the label.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68733",
"url": "https://www.suse.com/security/cve/CVE-2025-68733"
},
{
"category": "external",
"summary": "SUSE Bug 1255615 for CVE-2025-68733",
"url": "https://bugzilla.suse.com/1255615"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68733"
},
{
"cve": "CVE-2025-68735",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68735"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Prevent potential UAF in group creation\n\nThis commit prevents the possibility of a use after free issue in the\nGROUP_CREATE ioctl function, which arose as pointer to the group is\naccessed in that ioctl function after storing it in the Xarray.\nA malicious userspace can second guess the handle of a group and try\nto call GROUP_DESTROY ioctl from another thread around the same time\nas GROUP_CREATE ioctl.\n\nTo prevent the use after free exploit, this commit uses a mark on an\nentry of group pool Xarray which is added just before returning from\nthe GROUP_CREATE ioctl function. The mark is checked for all ioctls\nthat specify the group handle and so userspace won\u0027t be abe to delete\na group that isn\u0027t marked yet.\n\nv2: Add R-bs and fixes tags",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68735",
"url": "https://www.suse.com/security/cve/CVE-2025-68735"
},
{
"category": "external",
"summary": "SUSE Bug 1255811 for CVE-2025-68735",
"url": "https://bugzilla.suse.com/1255811"
},
{
"category": "external",
"summary": "SUSE Bug 1256251 for CVE-2025-68735",
"url": "https://bugzilla.suse.com/1256251"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68735"
},
{
"cve": "CVE-2025-68736",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68736"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nlandlock: Fix handling of disconnected directories\n\nDisconnected files or directories can appear when they are visible and\nopened from a bind mount, but have been renamed or moved from the source\nof the bind mount in a way that makes them inaccessible from the mount\npoint (i.e. out of scope).\n\nPreviously, access rights tied to files or directories opened through a\ndisconnected directory were collected by walking the related hierarchy\ndown to the root of the filesystem, without taking into account the\nmount point because it couldn\u0027t be found. This could lead to\ninconsistent access results, potential access right widening, and\nhard-to-debug renames, especially since such paths cannot be printed.\n\nFor a sandboxed task to create a disconnected directory, it needs to\nhave write access (i.e. FS_MAKE_REG, FS_REMOVE_FILE, and FS_REFER) to\nthe underlying source of the bind mount, and read access to the related\nmount point. Because a sandboxed task cannot acquire more access\nrights than those defined by its Landlock domain, this could lead to\ninconsistent access rights due to missing permissions that should be\ninherited from the mount point hierarchy, while inheriting permissions\nfrom the filesystem hierarchy hidden by this mount point instead.\n\nLandlock now handles files and directories opened from disconnected\ndirectories by taking into account the filesystem hierarchy when the\nmount point is not found in the hierarchy walk, and also always taking\ninto account the mount point from which these disconnected directories\nwere opened. This ensures that a rename is not allowed if it would\nwiden access rights [1].\n\nThe rationale is that, even if disconnected hierarchies might not be\nvisible or accessible to a sandboxed task, relying on the collected\naccess rights from them improves the guarantee that access rights will\nnot be widened during a rename because of the access right comparison\nbetween the source and the destination (see LANDLOCK_ACCESS_FS_REFER).\nIt may look like this would grant more access on disconnected files and\ndirectories, but the security policies are always enforced for all the\nevaluated hierarchies. This new behavior should be less surprising to\nusers and safer from an access control perspective.\n\nRemove a wrong WARN_ON_ONCE() canary in collect_domain_accesses() and\nfix the related comment.\n\nBecause opened files have their access rights stored in the related file\nsecurity properties, there is no impact for disconnected or unlinked\nfiles.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68736",
"url": "https://www.suse.com/security/cve/CVE-2025-68736"
},
{
"category": "external",
"summary": "SUSE Bug 1255698 for CVE-2025-68736",
"url": "https://bugzilla.suse.com/1255698"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68736"
},
{
"cve": "CVE-2025-68737",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68737"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\narm64/pageattr: Propagate return value from __change_memory_common\n\nThe rodata=on security measure requires that any code path which does\nvmalloc -\u003e set_memory_ro/set_memory_rox must protect the linear map alias\ntoo. Therefore, if such a call fails, we must abort set_memory_* and caller\nmust take appropriate action; currently we are suppressing the error, and\nthere is a real chance of such an error arising post commit a166563e7ec3\n(\"arm64: mm: support large block mapping when rodata=full\"). Therefore,\npropagate any error to the caller.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68737",
"url": "https://www.suse.com/security/cve/CVE-2025-68737"
},
{
"category": "external",
"summary": "SUSE Bug 1255699 for CVE-2025-68737",
"url": "https://bugzilla.suse.com/1255699"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68737"
},
{
"cve": "CVE-2025-68738",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68738"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: mt76: mt7996: fix null pointer deref in mt7996_conf_tx()\n\nIf a link does not have an assigned channel yet, mt7996_vif_link returns\nNULL. We still need to store the updated queue settings in that case, and\napply them later.\nMove the location of the queue params to within struct mt7996_vif_link.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68738",
"url": "https://www.suse.com/security/cve/CVE-2025-68738"
},
{
"category": "external",
"summary": "SUSE Bug 1255700 for CVE-2025-68738",
"url": "https://bugzilla.suse.com/1255700"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68738"
},
{
"cve": "CVE-2025-68739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68739"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nPM / devfreq: hisi: Fix potential UAF in OPP handling\n\nEnsure all required data is acquired before calling dev_pm_opp_put(opp)\nto maintain correct resource acquisition and release order.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68739",
"url": "https://www.suse.com/security/cve/CVE-2025-68739"
},
{
"category": "external",
"summary": "SUSE Bug 1255701 for CVE-2025-68739",
"url": "https://bugzilla.suse.com/1255701"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68739"
},
{
"cve": "CVE-2025-68740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68740"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nima: Handle error code returned by ima_filter_rule_match()\n\nIn ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to\nthe rule being NULL, the function incorrectly skips the \u0027if (!rc)\u0027 check\nand sets \u0027result = true\u0027. The LSM rule is considered a match, causing\nextra files to be measured by IMA.\n\nThis issue can be reproduced in the following scenario:\nAfter unloading the SELinux policy module via \u0027semodule -d\u0027, if an IMA\nmeasurement is triggered before ima_lsm_rules is updated,\nin ima_match_rules(), the first call to ima_filter_rule_match() returns\n-ESTALE. This causes the code to enter the \u0027if (rc == -ESTALE \u0026\u0026\n!rule_reinitialized)\u0027 block, perform ima_lsm_copy_rule() and retry. In\nima_lsm_copy_rule(), since the SELinux module has been removed, the rule\nbecomes NULL, and the second call to ima_filter_rule_match() returns\n-ENOENT. This bypasses the \u0027if (!rc)\u0027 check and results in a false match.\n\nCall trace:\n selinux_audit_rule_match+0x310/0x3b8\n security_audit_rule_match+0x60/0xa0\n ima_match_rules+0x2e4/0x4a0\n ima_match_policy+0x9c/0x1e8\n ima_get_action+0x48/0x60\n process_measurement+0xf8/0xa98\n ima_bprm_check+0x98/0xd8\n security_bprm_check+0x5c/0x78\n search_binary_handler+0x6c/0x318\n exec_binprm+0x58/0x1b8\n bprm_execve+0xb8/0x130\n do_execveat_common.isra.0+0x1a8/0x258\n __arm64_sys_execve+0x48/0x68\n invoke_syscall+0x50/0x128\n el0_svc_common.constprop.0+0xc8/0xf0\n do_el0_svc+0x24/0x38\n el0_svc+0x44/0x200\n el0t_64_sync_handler+0x100/0x130\n el0t_64_sync+0x3c8/0x3d0\n\nFix this by changing \u0027if (!rc)\u0027 to \u0027if (rc \u003c= 0)\u0027 to ensure that error\ncodes like -ENOENT do not bypass the check and accidentally result in a\nsuccessful match.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68740",
"url": "https://www.suse.com/security/cve/CVE-2025-68740"
},
{
"category": "external",
"summary": "SUSE Bug 1255812 for CVE-2025-68740",
"url": "https://bugzilla.suse.com/1255812"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68740"
},
{
"cve": "CVE-2025-68741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68741"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Fix improper freeing of purex item\n\nIn qla2xxx_process_purls_iocb(), an item is allocated via\nqla27xx_copy_multiple_pkt(), which internally calls\nqla24xx_alloc_purex_item().\n\nThe qla24xx_alloc_purex_item() function may return a pre-allocated item\nfrom a per-adapter pool for small allocations, instead of dynamically\nallocating memory with kzalloc().\n\nAn error handling path in qla2xxx_process_purls_iocb() incorrectly uses\nkfree() to release the item. If the item was from the pre-allocated\npool, calling kfree() on it is a bug that can lead to memory corruption.\n\nFix this by using the correct deallocation function,\nqla24xx_free_purex_item(), which properly handles both dynamically\nallocated and pre-allocated items.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68741",
"url": "https://www.suse.com/security/cve/CVE-2025-68741"
},
{
"category": "external",
"summary": "SUSE Bug 1255703 for CVE-2025-68741",
"url": "https://bugzilla.suse.com/1255703"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68741"
},
{
"cve": "CVE-2025-68742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68742"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Fix invalid prog-\u003estats access when update_effective_progs fails\n\nSyzkaller triggers an invalid memory access issue following fault\ninjection in update_effective_progs. The issue can be described as\nfollows:\n\n__cgroup_bpf_detach\n update_effective_progs\n compute_effective_progs\n bpf_prog_array_alloc \u003c-- fault inject\n purge_effective_progs\n /* change to dummy_bpf_prog */\n array-\u003eitems[index] = \u0026dummy_bpf_prog.prog\n\n---softirq start---\n__do_softirq\n ...\n __cgroup_bpf_run_filter_skb\n __bpf_prog_run_save_cb\n bpf_prog_run\n stats = this_cpu_ptr(prog-\u003estats)\n /* invalid memory access */\n flags = u64_stats_update_begin_irqsave(\u0026stats-\u003esyncp)\n---softirq end---\n\n static_branch_dec(\u0026cgroup_bpf_enabled_key[atype])\n\nThe reason is that fault injection caused update_effective_progs to fail\nand then changed the original prog into dummy_bpf_prog.prog in\npurge_effective_progs. Then a softirq came, and accessing the members of\ndummy_bpf_prog.prog in the softirq triggers invalid mem access.\n\nTo fix it, skip updating stats when stats is NULL.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68742",
"url": "https://www.suse.com/security/cve/CVE-2025-68742"
},
{
"category": "external",
"summary": "SUSE Bug 1255707 for CVE-2025-68742",
"url": "https://bugzilla.suse.com/1255707"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68742"
},
{
"cve": "CVE-2025-68743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68743"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmshv: Fix create memory region overlap check\n\nThe current check is incorrect; it only checks if the beginning or end\nof a region is within an existing region. This doesn\u0027t account for\nuserspace specifying a region that begins before and ends after an\nexisting region.\n\nChange the logic to a range intersection check against gfns and uaddrs\nfor each region.\n\nRemove mshv_partition_region_by_uaddr() as it is no longer used.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68743",
"url": "https://www.suse.com/security/cve/CVE-2025-68743"
},
{
"category": "external",
"summary": "SUSE Bug 1255708 for CVE-2025-68743",
"url": "https://bugzilla.suse.com/1255708"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68743"
},
{
"cve": "CVE-2025-68744",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68744"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbpf: Free special fields when update [lru_,]percpu_hash maps\n\nAs [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing\ncalls to \u0027bpf_obj_free_fields()\u0027 in \u0027pcpu_copy_value()\u0027 could cause the\nmemory referenced by BPF_KPTR_{REF,PERCPU} fields to be held until the\nmap gets freed.\n\nFix this by calling \u0027bpf_obj_free_fields()\u0027 after\n\u0027copy_map_value[,_long]()\u0027 in \u0027pcpu_copy_value()\u0027.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68744",
"url": "https://www.suse.com/security/cve/CVE-2025-68744"
},
{
"category": "external",
"summary": "SUSE Bug 1255709 for CVE-2025-68744",
"url": "https://bugzilla.suse.com/1255709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68744"
},
{
"cve": "CVE-2025-68745",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68745"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nscsi: qla2xxx: Clear cmds after chip reset\n\nCommit aefed3e5548f (\"scsi: qla2xxx: target: Fix offline port handling\nand host reset handling\") caused two problems:\n\n1. Commands sent to FW, after chip reset got stuck and never freed as FW\n is not going to respond to them anymore.\n\n2. BUG_ON(cmd-\u003esg_mapped) in qlt_free_cmd(). Commit 26f9ce53817a\n (\"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\")\n attempted to fix this, but introduced another bug under different\n circumstances when two different CPUs were racing to call\n qlt_unmap_sg() at the same time: BUG_ON(!valid_dma_direction(dir)) in\n dma_unmap_sg_attrs().\n\nSo revert \"scsi: qla2xxx: Fix missed DMA unmap for aborted commands\" and\npartially revert \"scsi: qla2xxx: target: Fix offline port handling and\nhost reset handling\" at __qla2x00_abort_all_cmds.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68745",
"url": "https://www.suse.com/security/cve/CVE-2025-68745"
},
{
"category": "external",
"summary": "SUSE Bug 1255721 for CVE-2025-68745",
"url": "https://bugzilla.suse.com/1255721"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68745"
},
{
"cve": "CVE-2025-68746",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68746"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nspi: tegra210-quad: Fix timeout handling\n\nWhen the CPU that the QSPI interrupt handler runs on (typically CPU 0)\nis excessively busy, it can lead to rare cases of the IRQ thread not\nrunning before the transfer timeout is reached.\n\nWhile handling the timeouts, any pending transfers are cleaned up and\nthe message that they correspond to is marked as failed, which leaves\nthe curr_xfer field pointing at stale memory.\n\nTo avoid this, clear curr_xfer to NULL upon timeout and check for this\ncondition when the IRQ thread is finally run.\n\nWhile at it, also make sure to clear interrupts on failure so that new\ninterrupts can be run.\n\nA better, more involved, fix would move the interrupt clearing into a\nhard IRQ handler. Ideally we would also want to signal that the IRQ\nthread no longer needs to be run after the timeout is hit to avoid the\nextra check for a valid transfer.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68746",
"url": "https://www.suse.com/security/cve/CVE-2025-68746"
},
{
"category": "external",
"summary": "SUSE Bug 1255722 for CVE-2025-68746",
"url": "https://bugzilla.suse.com/1255722"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68746"
},
{
"cve": "CVE-2025-68747",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68747"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix UAF on kernel BO VA nodes\n\nIf the MMU is down, panthor_vm_unmap_range() might return an error.\nWe expect the page table to be updated still, and if the MMU is blocked,\nthe rest of the GPU should be blocked too, so no risk of accessing\nphysical memory returned to the system (which the current code doesn\u0027t\ncover for anyway).\n\nProceed with the rest of the cleanup instead of bailing out and leaving\nthe va_node inserted in the drm_mm, which leads to UAF when other\nadjacent nodes are removed from the drm_mm tree.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68747",
"url": "https://www.suse.com/security/cve/CVE-2025-68747"
},
{
"category": "external",
"summary": "SUSE Bug 1255723 for CVE-2025-68747",
"url": "https://bugzilla.suse.com/1255723"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68747"
},
{
"cve": "CVE-2025-68748",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68748"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/panthor: Fix UAF race between device unplug and FW event processing\n\nThe function panthor_fw_unplug() will free the FW memory sections.\nThe problem is that there could still be pending FW events which are yet\nnot handled at this point. process_fw_events_work() can in this case try\nto access said freed memory.\n\nSimply call disable_work_sync() to both drain and prevent future\ninvocation of process_fw_events_work().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68748",
"url": "https://www.suse.com/security/cve/CVE-2025-68748"
},
{
"category": "external",
"summary": "SUSE Bug 1255813 for CVE-2025-68748",
"url": "https://bugzilla.suse.com/1255813"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68748"
},
{
"cve": "CVE-2025-68749",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68749"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\naccel/ivpu: Fix race condition when unbinding BOs\n\nFix \u0027Memory manager not clean during takedown\u0027 warning that occurs\nwhen ivpu_gem_bo_free() removes the BO from the BOs list before it\ngets unmapped. Then file_priv_unbind() triggers a warning in\ndrm_mm_takedown() during context teardown.\n\nProtect the unmapping sequence with bo_list_lock to ensure the BO is\nalways fully unmapped when removed from the list. This ensures the BO\nis either fully unmapped at context teardown time or present on the\nlist and unmapped by file_priv_unbind().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68749",
"url": "https://www.suse.com/security/cve/CVE-2025-68749"
},
{
"category": "external",
"summary": "SUSE Bug 1255724 for CVE-2025-68749",
"url": "https://bugzilla.suse.com/1255724"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68749"
},
{
"cve": "CVE-2025-68751",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68751"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ns390/fpu: Fix false-positive kmsan report in fpu_vstl()\n\nA false-positive kmsan report is detected when running ping command.\n\nAn inline assembly instruction \u0027vstl\u0027 can write varied amount of bytes\ndepending on value of \u0027index\u0027 argument. If \u0027index\u0027 \u003e 0, \u0027vstl\u0027 writes\nat least 2 bytes.\n\nclang generates kmsan write helper call depending on inline assembly\nconstraints. Constraints are evaluated compile-time, but value of\n\u0027index\u0027 argument is known only at runtime.\n\nclang currently generates call to __msan_instrument_asm_store with 1 byte\nas size. Manually call kmsan function to indicate correct amount of bytes\nwritten and fix false-positive report.\n\nThis change fixes following kmsan reports:\n\n[ 36.563119] =====================================================\n[ 36.563594] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70\n[ 36.563852] virtqueue_add+0x35c6/0x7c70\n[ 36.564016] virtqueue_add_outbuf+0xa0/0xb0\n[ 36.564266] start_xmit+0x288c/0x4a20\n[ 36.564460] dev_hard_start_xmit+0x302/0x900\n[ 36.564649] sch_direct_xmit+0x340/0xea0\n[ 36.564894] __dev_queue_xmit+0x2e94/0x59b0\n[ 36.565058] neigh_resolve_output+0x936/0xb40\n[ 36.565278] __neigh_update+0x2f66/0x3a60\n[ 36.565499] neigh_update+0x52/0x60\n[ 36.565683] arp_process+0x1588/0x2de0\n[ 36.565916] NF_HOOK+0x1da/0x240\n[ 36.566087] arp_rcv+0x3e4/0x6e0\n[ 36.566306] __netif_receive_skb_list_core+0x1374/0x15a0\n[ 36.566527] netif_receive_skb_list_internal+0x1116/0x17d0\n[ 36.566710] napi_complete_done+0x376/0x740\n[ 36.566918] virtnet_poll+0x1bae/0x2910\n[ 36.567130] __napi_poll+0xf4/0x830\n[ 36.567294] net_rx_action+0x97c/0x1ed0\n[ 36.567556] handle_softirqs+0x306/0xe10\n[ 36.567731] irq_exit_rcu+0x14c/0x2e0\n[ 36.567910] do_io_irq+0xd4/0x120\n[ 36.568139] io_int_handler+0xc2/0xe8\n[ 36.568299] arch_cpu_idle+0xb0/0xc0\n[ 36.568540] arch_cpu_idle+0x76/0xc0\n[ 36.568726] default_idle_call+0x40/0x70\n[ 36.568953] do_idle+0x1d6/0x390\n[ 36.569486] cpu_startup_entry+0x9a/0xb0\n[ 36.569745] rest_init+0x1ea/0x290\n[ 36.570029] start_kernel+0x95e/0xb90\n[ 36.570348] startup_continue+0x2e/0x40\n[ 36.570703]\n[ 36.570798] Uninit was created at:\n[ 36.571002] kmem_cache_alloc_node_noprof+0x9e8/0x10e0\n[ 36.571261] kmalloc_reserve+0x12a/0x470\n[ 36.571553] __alloc_skb+0x310/0x860\n[ 36.571844] __ip_append_data+0x483e/0x6a30\n[ 36.572170] ip_append_data+0x11c/0x1e0\n[ 36.572477] raw_sendmsg+0x1c8c/0x2180\n[ 36.572818] inet_sendmsg+0xe6/0x190\n[ 36.573142] __sys_sendto+0x55e/0x8e0\n[ 36.573392] __s390x_sys_socketcall+0x19ae/0x2ba0\n[ 36.573571] __do_syscall+0x12e/0x240\n[ 36.573823] system_call+0x6e/0x90\n[ 36.573976]\n[ 36.574017] Byte 35 of 98 is uninitialized\n[ 36.574082] Memory access of size 98 starts at 0000000007aa0012\n[ 36.574218]\n[ 36.574325] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.17.0-dirty #16 NONE\n[ 36.574541] Tainted: [B]=BAD_PAGE, [N]=TEST\n[ 36.574617] Hardware name: IBM 3931 A01 703 (KVM/Linux)\n[ 36.574755] =====================================================\n\n[ 63.532541] =====================================================\n[ 63.533639] BUG: KMSAN: uninit-value in virtqueue_add+0x35c6/0x7c70\n[ 63.533989] virtqueue_add+0x35c6/0x7c70\n[ 63.534940] virtqueue_add_outbuf+0xa0/0xb0\n[ 63.535861] start_xmit+0x288c/0x4a20\n[ 63.536708] dev_hard_start_xmit+0x302/0x900\n[ 63.537020] sch_direct_xmit+0x340/0xea0\n[ 63.537997] __dev_queue_xmit+0x2e94/0x59b0\n[ 63.538819] neigh_resolve_output+0x936/0xb40\n[ 63.539793] ip_finish_output2+0x1ee2/0x2200\n[ 63.540784] __ip_finish_output+0x272/0x7a0\n[ 63.541765] ip_finish_output+0x4e/0x5e0\n[ 63.542791] ip_output+0x166/0x410\n[ 63.543771] ip_push_pending_frames+0x1a2/0x470\n[ 63.544753] raw_sendmsg+0x1f06/0x2180\n[ 63.545033] inet_sendmsg+0xe6/0x190\n[ 63.546006] __sys_sendto+0x55e/0x8e0\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68751",
"url": "https://www.suse.com/security/cve/CVE-2025-68751"
},
{
"category": "external",
"summary": "SUSE Bug 1255945 for CVE-2025-68751",
"url": "https://bugzilla.suse.com/1255945"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-68751"
},
{
"cve": "CVE-2025-68752",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68752"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niavf: Implement settime64 with -EOPNOTSUPP\n\nptp_clock_settime() assumes every ptp_clock has implemented settime64().\nStub it with -EOPNOTSUPP to prevent a NULL dereference.\n\nThe fix is similar to commit 329d050bbe63 (\"gve: Implement settime64\nwith -EOPNOTSUPP\").",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68752",
"url": "https://www.suse.com/security/cve/CVE-2025-68752"
},
{
"category": "external",
"summary": "SUSE Bug 1256237 for CVE-2025-68752",
"url": "https://bugzilla.suse.com/1256237"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/S:U/UI:N/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68752"
},
{
"cve": "CVE-2025-68753",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68753"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nALSA: firewire-motu: add bounds check in put_user loop for DSP events\n\nIn the DSP event handling code, a put_user() loop copies event data.\nWhen the user buffer size is not aligned to 4 bytes, it could overwrite\nbeyond the buffer boundary.\n\nFix by adding a bounds check before put_user().",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68753",
"url": "https://www.suse.com/security/cve/CVE-2025-68753"
},
{
"category": "external",
"summary": "SUSE Bug 1256238 for CVE-2025-68753",
"url": "https://bugzilla.suse.com/1256238"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68753"
},
{
"cve": "CVE-2025-68754",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68754"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nrtc: amlogic-a4: fix double free caused by devm\n\nThe clock obtained via devm_clk_get_enabled() is automatically managed\nby devres and will be disabled and freed on driver detach. Manually\ncalling clk_disable_unprepare() in error path and remove function\ncauses double free.\n\nRemove the redundant clk_disable_unprepare() calls from the probe\nerror path and aml_rtc_remove(), allowing the devm framework to\nautomatically manage the clock lifecycle.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68754",
"url": "https://www.suse.com/security/cve/CVE-2025-68754"
},
{
"category": "external",
"summary": "SUSE Bug 1256240 for CVE-2025-68754",
"url": "https://bugzilla.suse.com/1256240"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68754"
},
{
"cve": "CVE-2025-68755",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68755"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nstaging: most: remove broken i2c driver\n\nThe MOST I2C driver has been completely broken for five years without\nanyone noticing so remove the driver from staging.\n\nSpecifically, commit 723de0f9171e (\"staging: most: remove device from\ninterface structure\") started requiring drivers to set the interface\ndevice pointer before registration, but the I2C driver was never updated\nwhich results in a NULL pointer dereference if anyone ever tries to\nprobe it.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68755",
"url": "https://www.suse.com/security/cve/CVE-2025-68755"
},
{
"category": "external",
"summary": "SUSE Bug 1255940 for CVE-2025-68755",
"url": "https://bugzilla.suse.com/1255940"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68755"
},
{
"cve": "CVE-2025-68756",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68756"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nblock: Use RCU in blk_mq_[un]quiesce_tagset() instead of set-\u003etag_list_lock\n\nblk_mq_{add,del}_queue_tag_set() functions add and remove queues from\ntagset, the functions make sure that tagset and queues are marked as\nshared when two or more queues are attached to the same tagset.\nInitially a tagset starts as unshared and when the number of added\nqueues reaches two, blk_mq_add_queue_tag_set() marks it as shared along\nwith all the queues attached to it. When the number of attached queues\ndrops to 1 blk_mq_del_queue_tag_set() need to mark both the tagset and\nthe remaining queues as unshared.\n\nBoth functions need to freeze current queues in tagset before setting on\nunsetting BLK_MQ_F_TAG_QUEUE_SHARED flag. While doing so, both functions\nhold set-\u003etag_list_lock mutex, which makes sense as we do not want\nqueues to be added or deleted in the process. This used to work fine\nuntil commit 98d81f0df70c (\"nvme: use blk_mq_[un]quiesce_tagset\")\nmade the nvme driver quiesce tagset instead of quiscing individual\nqueues. blk_mq_quiesce_tagset() does the job and quiesce the queues in\nset-\u003etag_list while holding set-\u003etag_list_lock also.\n\nThis results in deadlock between two threads with these stacktraces:\n\n __schedule+0x47c/0xbb0\n ? timerqueue_add+0x66/0xb0\n schedule+0x1c/0xa0\n schedule_preempt_disabled+0xa/0x10\n __mutex_lock.constprop.0+0x271/0x600\n blk_mq_quiesce_tagset+0x25/0xc0\n nvme_dev_disable+0x9c/0x250\n nvme_timeout+0x1fc/0x520\n blk_mq_handle_expired+0x5c/0x90\n bt_iter+0x7e/0x90\n blk_mq_queue_tag_busy_iter+0x27e/0x550\n ? __blk_mq_complete_request_remote+0x10/0x10\n ? __blk_mq_complete_request_remote+0x10/0x10\n ? __call_rcu_common.constprop.0+0x1c0/0x210\n blk_mq_timeout_work+0x12d/0x170\n process_one_work+0x12e/0x2d0\n worker_thread+0x288/0x3a0\n ? rescuer_thread+0x480/0x480\n kthread+0xb8/0xe0\n ? kthread_park+0x80/0x80\n ret_from_fork+0x2d/0x50\n ? kthread_park+0x80/0x80\n ret_from_fork_asm+0x11/0x20\n\n __schedule+0x47c/0xbb0\n ? xas_find+0x161/0x1a0\n schedule+0x1c/0xa0\n blk_mq_freeze_queue_wait+0x3d/0x70\n ? destroy_sched_domains_rcu+0x30/0x30\n blk_mq_update_tag_set_shared+0x44/0x80\n blk_mq_exit_queue+0x141/0x150\n del_gendisk+0x25a/0x2d0\n nvme_ns_remove+0xc9/0x170\n nvme_remove_namespaces+0xc7/0x100\n nvme_remove+0x62/0x150\n pci_device_remove+0x23/0x60\n device_release_driver_internal+0x159/0x200\n unbind_store+0x99/0xa0\n kernfs_fop_write_iter+0x112/0x1e0\n vfs_write+0x2b1/0x3d0\n ksys_write+0x4e/0xb0\n do_syscall_64+0x5b/0x160\n entry_SYSCALL_64_after_hwframe+0x4b/0x53\n\nThe top stacktrace is showing nvme_timeout() called to handle nvme\ncommand timeout. timeout handler is trying to disable the controller and\nas a first step, it needs to blk_mq_quiesce_tagset() to tell blk-mq not\nto call queue callback handlers. The thread is stuck waiting for\nset-\u003etag_list_lock as it tries to walk the queues in set-\u003etag_list.\n\nThe lock is held by the second thread in the bottom stack which is\nwaiting for one of queues to be frozen. The queue usage counter will\ndrop to zero after nvme_timeout() finishes, and this will not happen\nbecause the thread will wait for this mutex forever.\n\nGiven that [un]quiescing queue is an operation that does not need to\nsleep, update blk_mq_[un]quiesce_tagset() to use RCU instead of taking\nset-\u003etag_list_lock, update blk_mq_{add,del}_queue_tag_set() to use RCU\nsafe list operations. Also, delete INIT_LIST_HEAD(\u0026q-\u003etag_set_list)\nin blk_mq_del_queue_tag_set() because we can not re-initialize it while\nthe list is being traversed under RCU. The deleted queue will not be\nadded/deleted to/from a tagset and it will be freed in blk_free_queue()\nafter the end of RCU grace period.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68756",
"url": "https://www.suse.com/security/cve/CVE-2025-68756"
},
{
"category": "external",
"summary": "SUSE Bug 1255942 for CVE-2025-68756",
"url": "https://bugzilla.suse.com/1255942"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.7,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68756"
},
{
"cve": "CVE-2025-68757",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68757"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ndrm/vgem-fence: Fix potential deadlock on release\n\nA timer that expires a vgem fence automatically in 10 seconds is now\nreleased with timer_delete_sync() from fence-\u003eops.release() called on last\ndma_fence_put(). In some scenarios, it can run in IRQ context, which is\nnot safe unless TIMER_IRQSAFE is used. One potentially risky scenario was\ndemonstrated in Intel DRM CI trybot, BAT run on machine bat-adlp-6, while\nworking on new IGT subtests syncobj_timeline@stress-* as user space\nreplacements of some problematic test cases of a dma-fence-chain selftest\n[1].\n\n[117.004338] ================================\n[117.004340] WARNING: inconsistent lock state\n[117.004342] 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 Tainted: G S U\n[117.004346] --------------------------------\n[117.004347] inconsistent {HARDIRQ-ON-W} -\u003e {IN-HARDIRQ-W} usage.\n[117.004349] swapper/0/0 [HC1[1]:SC1[1]:HE0:SE0] takes:\n[117.004352] ffff888138f86aa8 ((\u0026fence-\u003etimer)){?.-.}-{0:0}, at: __timer_delete_sync+0x4b/0x190\n[117.004361] {HARDIRQ-ON-W} state was registered at:\n[117.004363] lock_acquire+0xc4/0x2e0\n[117.004366] call_timer_fn+0x80/0x2a0\n[117.004368] __run_timers+0x231/0x310\n[117.004370] run_timer_softirq+0x76/0xe0\n[117.004372] handle_softirqs+0xd4/0x4d0\n[117.004375] __irq_exit_rcu+0x13f/0x160\n[117.004377] irq_exit_rcu+0xe/0x20\n[117.004379] sysvec_apic_timer_interrupt+0xa0/0xc0\n[117.004382] asm_sysvec_apic_timer_interrupt+0x1b/0x20\n[117.004385] cpuidle_enter_state+0x12b/0x8a0\n[117.004388] cpuidle_enter+0x2e/0x50\n[117.004393] call_cpuidle+0x22/0x60\n[117.004395] do_idle+0x1fd/0x260\n[117.004398] cpu_startup_entry+0x29/0x30\n[117.004401] start_secondary+0x12d/0x160\n[117.004404] common_startup_64+0x13e/0x141\n[117.004407] irq event stamp: 2282669\n[117.004409] hardirqs last enabled at (2282668): [\u003cffffffff8289db71\u003e] _raw_spin_unlock_irqrestore+0x51/0x80\n[117.004414] hardirqs last disabled at (2282669): [\u003cffffffff82882021\u003e] sysvec_irq_work+0x11/0xc0\n[117.004419] softirqs last enabled at (2254702): [\u003cffffffff8289fd00\u003e] __do_softirq+0x10/0x18\n[117.004423] softirqs last disabled at (2254725): [\u003cffffffff813d4ddf\u003e] __irq_exit_rcu+0x13f/0x160\n[117.004426]\nother info that might help us debug this:\n[117.004429] Possible unsafe locking scenario:\n[117.004432] CPU0\n[117.004433] ----\n[117.004434] lock((\u0026fence-\u003etimer));\n[117.004436] \u003cInterrupt\u003e\n[117.004438] lock((\u0026fence-\u003etimer));\n[117.004440]\n *** DEADLOCK ***\n[117.004443] 1 lock held by swapper/0/0:\n[117.004445] #0: ffffc90000003d50 ((\u0026fence-\u003etimer)){?.-.}-{0:0}, at: call_timer_fn+0x7a/0x2a0\n[117.004450]\nstack backtrace:\n[117.004453] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G S U 6.17.0-rc7-CI_DRM_17270-g7644974e648c+ #1 PREEMPT(voluntary)\n[117.004455] Tainted: [S]=CPU_OUT_OF_SPEC, [U]=USER\n[117.004455] Hardware name: Intel Corporation Alder Lake Client Platform/AlderLake-P DDR4 RVP, BIOS RPLPFWI1.R00.4035.A00.2301200723 01/20/2023\n[117.004456] Call Trace:\n[117.004456] \u003cIRQ\u003e\n[117.004457] dump_stack_lvl+0x91/0xf0\n[117.004460] dump_stack+0x10/0x20\n[117.004461] print_usage_bug.part.0+0x260/0x360\n[117.004463] mark_lock+0x76e/0x9c0\n[117.004465] ? register_lock_class+0x48/0x4a0\n[117.004467] __lock_acquire+0xbc3/0x2860\n[117.004469] lock_acquire+0xc4/0x2e0\n[117.004470] ? __timer_delete_sync+0x4b/0x190\n[117.004472] ? __timer_delete_sync+0x4b/0x190\n[117.004473] __timer_delete_sync+0x68/0x190\n[117.004474] ? __timer_delete_sync+0x4b/0x190\n[117.004475] timer_delete_sync+0x10/0x20\n[117.004476] vgem_fence_release+0x19/0x30 [vgem]\n[117.004478] dma_fence_release+0xc1/0x3b0\n[117.004480] ? dma_fence_release+0xa1/0x3b0\n[117.004481] dma_fence_chain_release+0xe7/0x130\n[117.004483] dma_fence_release+0xc1/0x3b0\n[117.004484] ? _raw_spin_unlock_irqrestore+0x27/0x80\n[117.004485] dma_fence_chain_irq_work+0x59/0x80\n[117.004487] irq_work_single+0x75/0xa0\n[117.004490] irq_work_r\n---truncated---",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68757",
"url": "https://www.suse.com/security/cve/CVE-2025-68757"
},
{
"category": "external",
"summary": "SUSE Bug 1255943 for CVE-2025-68757",
"url": "https://bugzilla.suse.com/1255943"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68757"
},
{
"cve": "CVE-2025-68758",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68758"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nbacklight: led-bl: Add devlink to supplier LEDs\n\nLED Backlight is a consumer of one or multiple LED class devices, but\ndevlink is currently unable to create correct supplier-producer links when\nthe supplier is a class device. It creates instead a link where the\nsupplier is the parent of the expected device.\n\nOne consequence is that removal order is not correctly enforced.\n\nIssues happen for example with the following sections in a device tree\noverlay:\n\n // An LED driver chip\n pca9632@62 {\n compatible = \"nxp,pca9632\";\n reg = \u003c0x62\u003e;\n\n\t// ...\n\n addon_led_pwm: led-pwm@3 {\n reg = \u003c3\u003e;\n label = \"addon:led:pwm\";\n };\n };\n\n backlight-addon {\n compatible = \"led-backlight\";\n leds = \u003c\u0026addon_led_pwm\u003e;\n brightness-levels = \u003c255\u003e;\n default-brightness-level = \u003c255\u003e;\n };\n\nIn this example, the devlink should be created between the backlight-addon\n(consumer) and the pca9632@62 (supplier). Instead it is created between the\nbacklight-addon (consumer) and the parent of the pca9632@62, which is\ntypically the I2C bus adapter.\n\nOn removal of the above overlay, the LED driver can be removed before the\nbacklight device, resulting in:\n\n Unable to handle kernel NULL pointer dereference at virtual address 0000000000000010\n ...\n Call trace:\n led_put+0xe0/0x140\n devm_led_release+0x6c/0x98\n\nAnother way to reproduce the bug without any device tree overlays is\nunbinding the LED class device (pca9632@62) before unbinding the consumer\n(backlight-addon):\n\n echo 11-0062 \u003e/sys/bus/i2c/drivers/leds-pca963x/unbind\n echo ...backlight-dock \u003e/sys/bus/platform/drivers/led-backlight/unbind\n\nFix by adding a devlink between the consuming led-backlight device and the\nsupplying LED device, as other drivers and subsystems do as well.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68758",
"url": "https://www.suse.com/security/cve/CVE-2025-68758"
},
{
"category": "external",
"summary": "SUSE Bug 1255944 for CVE-2025-68758",
"url": "https://bugzilla.suse.com/1255944"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68758"
},
{
"cve": "CVE-2025-68759",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68759"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nwifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring()\n\nIn rtl8180_init_rx_ring(), memory is allocated for skb packets and DMA\nallocations in a loop. When an allocation fails, the previously\nsuccessful allocations are not freed on exit.\n\nFix that by jumping to err_free_rings label on error, which calls\nrtl8180_free_rx_ring() to free the allocations. Remove the free of\nrx_ring in rtl8180_init_rx_ring() error path, and set the freed\npriv-\u003erx_buf entry to null, to avoid double free.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68759",
"url": "https://www.suse.com/security/cve/CVE-2025-68759"
},
{
"category": "external",
"summary": "SUSE Bug 1255934 for CVE-2025-68759",
"url": "https://bugzilla.suse.com/1255934"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68759"
},
{
"cve": "CVE-2025-68760",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68760"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\niommu/amd: Fix potential out-of-bounds read in iommu_mmio_show\n\nIn iommu_mmio_write(), it validates the user-provided offset with the\ncheck: `iommu-\u003edbg_mmio_offset \u003e iommu-\u003emmio_phys_end - 4`.\nThis assumes a 4-byte access. However, the corresponding\nshow handler, iommu_mmio_show(), uses readq() to perform an 8-byte\n(64-bit) read.\n\nIf a user provides an offset equal to `mmio_phys_end - 4`, the check\npasses, and will lead to a 4-byte out-of-bounds read.\n\nFix this by adjusting the boundary check to use sizeof(u64), which\ncorresponds to the size of the readq() operation.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68760",
"url": "https://www.suse.com/security/cve/CVE-2025-68760"
},
{
"category": "external",
"summary": "SUSE Bug 1255935 for CVE-2025-68760",
"url": "https://bugzilla.suse.com/1255935"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68760"
},
{
"cve": "CVE-2025-68761",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68761"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nhfs: fix potential use after free in hfs_correct_next_unused_CNID()\n\nThis code calls hfs_bnode_put(node) which drops the refcount and then\ndreferences \"node\" on the next line. It\u0027s only safe to use \"node\"\nwhen we\u0027re holding a reference so flip these two lines around.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68761",
"url": "https://www.suse.com/security/cve/CVE-2025-68761"
},
{
"category": "external",
"summary": "SUSE Bug 1255936 for CVE-2025-68761",
"url": "https://bugzilla.suse.com/1255936"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "important"
}
],
"title": "CVE-2025-68761"
},
{
"cve": "CVE-2025-68762",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68762"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet: netpoll: initialize work queue before error checks\n\nPrevent a kernel warning when netconsole setup fails on devices with\nIFF_DISABLE_NETPOLL flag. The warning (at kernel/workqueue.c:4242 in\n__flush_work) occurs because the cleanup path tries to cancel an\nuninitialized work queue.\n\nWhen __netpoll_setup() encounters a device with IFF_DISABLE_NETPOLL,\nit fails early and calls skb_pool_flush() for cleanup. This function\ncalls cancel_work_sync(\u0026np-\u003erefill_wq), but refill_wq hasn\u0027t been\ninitialized yet, triggering the warning.\n\nMove INIT_WORK() to the beginning of __netpoll_setup(), ensuring the\nwork queue is properly initialized before any potential failure points.\nThis allows the cleanup path to safely cancel the work queue regardless\nof where the setup fails.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68762",
"url": "https://www.suse.com/security/cve/CVE-2025-68762"
},
{
"category": "external",
"summary": "SUSE Bug 1255937 for CVE-2025-68762",
"url": "https://bugzilla.suse.com/1255937"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.3,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "low"
}
],
"title": "CVE-2025-68762"
},
{
"cve": "CVE-2025-68763",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68763"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Correctly handle return of sg_nents_for_len\n\nThe return value of sg_nents_for_len was assigned to an unsigned long\nin starfive_hash_digest, causing negative error codes to be converted\nto large positive integers.\n\nAdd error checking for sg_nents_for_len and return immediately on\nfailure to prevent potential buffer overflows.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68763",
"url": "https://www.suse.com/security/cve/CVE-2025-68763"
},
{
"category": "external",
"summary": "SUSE Bug 1255929 for CVE-2025-68763",
"url": "https://bugzilla.suse.com/1255929"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68763"
},
{
"cve": "CVE-2025-68764",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68764"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nNFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags\n\nWhen a filesystem is being automounted, it needs to preserve the\nuser-set superblock mount options, such as the \"ro\" flag.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68764",
"url": "https://www.suse.com/security/cve/CVE-2025-68764"
},
{
"category": "external",
"summary": "SUSE Bug 1255930 for CVE-2025-68764",
"url": "https://bugzilla.suse.com/1255930"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68764"
},
{
"cve": "CVE-2025-68765",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68765"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nmt76: mt7615: Fix memory leak in mt7615_mcu_wtbl_sta_add()\n\nIn mt7615_mcu_wtbl_sta_add(), an skb sskb is allocated. If the\nsubsequent call to mt76_connac_mcu_alloc_wtbl_req() fails, the function\nreturns an error without freeing sskb, leading to a memory leak.\n\nFix this by calling dev_kfree_skb() on sskb in the error handling path\nto ensure it is properly released.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68765",
"url": "https://www.suse.com/security/cve/CVE-2025-68765"
},
{
"category": "external",
"summary": "SUSE Bug 1255931 for CVE-2025-68765",
"url": "https://bugzilla.suse.com/1255931"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68765"
},
{
"cve": "CVE-2025-68766",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2025-68766"
}
],
"notes": [
{
"category": "general",
"text": "In the Linux kernel, the following vulnerability has been resolved:\n\nirqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc()\n\nIf irq_domain_translate_twocell() sets \"hwirq\" to \u003e= MCHP_EIC_NIRQ (2) then\nit results in an out of bounds access.\n\nThe code checks for invalid values, but doesn\u0027t set the error code. Return\n-EINVAL in that case, instead of returning success.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2025-68766",
"url": "https://www.suse.com/security/cve/CVE-2025-68766"
},
{
"category": "external",
"summary": "SUSE Bug 1255932 for CVE-2025-68766",
"url": "https://bugzilla.suse.com/1255932"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.6,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-devel-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-macros-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-6.18.5-1.1.x86_64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.aarch64",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.ppc64le",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.s390x",
"openSUSE Tumbleweed:kernel-source-vanilla-6.18.5-1.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2026-01-13T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2025-68766"
}
]
}
WID-SEC-W-2026-0009
Vulnerability from csaf_certbund - Published: 2026-01-04 23:00 - Updated: 2026-01-28 23:00Summary
Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service
Notes
Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.
Produktbeschreibung
Der Kernel stellt den Kern des Linux Betriebssystems dar.
Angriff
Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuführen oder um nicht spezifizierte Auswirkungen zu erzielen.
Betroffene Betriebssysteme
- Linux
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Der Kernel stellt den Kern des Linux Betriebssystems dar.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein Angreifer kann mehrere Schwachstellen im Linux Kernel ausnutzen, um einen Denial of Service Angriff durchzuf\u00fchren oder um nicht spezifizierte Auswirkungen zu erzielen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0009 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-0009.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0009 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0009"
},
{
"category": "external",
"summary": "Kernel CVE Announce Mailingliste",
"url": "https://lore.kernel.org/linux-cve-announce/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68751",
"url": "https://lore.kernel.org/linux-cve-announce/2026010546-CVE-2025-68751-b3fa@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68752",
"url": "https://lore.kernel.org/linux-cve-announce/2026010548-CVE-2025-68752-b0e7@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68753",
"url": "https://lore.kernel.org/linux-cve-announce/2026010548-CVE-2025-68753-1c6d@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68754",
"url": "https://lore.kernel.org/linux-cve-announce/2026010549-CVE-2025-68754-7189@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68755",
"url": "https://lore.kernel.org/linux-cve-announce/2026010549-CVE-2025-68755-b588@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68756",
"url": "https://lore.kernel.org/linux-cve-announce/2026010549-CVE-2025-68756-28f9@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68757",
"url": "https://lore.kernel.org/linux-cve-announce/2026010550-CVE-2025-68757-7245@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68758",
"url": "https://lore.kernel.org/linux-cve-announce/2026010550-CVE-2025-68758-a505@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68759",
"url": "https://lore.kernel.org/linux-cve-announce/2026010550-CVE-2025-68759-8638@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68760",
"url": "https://lore.kernel.org/linux-cve-announce/2026010551-CVE-2025-68760-5350@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68761",
"url": "https://lore.kernel.org/linux-cve-announce/2026010551-CVE-2025-68761-7f01@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68762",
"url": "https://lore.kernel.org/linux-cve-announce/2026010551-CVE-2025-68762-8b05@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68763",
"url": "https://lore.kernel.org/linux-cve-announce/2026010552-CVE-2025-68763-de7e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68764",
"url": "https://lore.kernel.org/linux-cve-announce/2026010516-CVE-2025-68764-107e@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68765",
"url": "https://lore.kernel.org/linux-cve-announce/2026010519-CVE-2025-68765-7c16@gregkh/"
},
{
"category": "external",
"summary": "Linux Kernel CVE Announcement CVE-2025-68766",
"url": "https://lore.kernel.org/linux-cve-announce/2026010519-CVE-2025-68766-0898@gregkh/"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2026-01-08",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "Microsoft Leitfaden f\u00fcr Sicherheitsupdates vom 2026-01-13",
"url": "https://msrc.microsoft.com/update-guide/"
},
{
"category": "external",
"summary": "openSUSE Security Update OPENSUSE-SU-2026:10039-1 vom 2026-01-14",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SNRBJ6HLDODCC2A4DQ3QHZ6XBQSZQO26/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0278-1 vom 2026-01-23",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023906.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0281-1 vom 2026-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023914.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0293-1 vom 2026-01-26",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023915.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2026:0315-1 vom 2026-01-29",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2026-January/023971.html"
}
],
"source_lang": "en-US",
"title": "Linux Kernel: Mehrere Schwachstellen erm\u00f6glichen Denial of Service",
"tracking": {
"current_release_date": "2026-01-28T23:00:00.000+00:00",
"generator": {
"date": "2026-01-29T07:55:58.740+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0009",
"initial_release_date": "2026-01-04T23:00:00.000+00:00",
"revision_history": [
{
"date": "2026-01-04T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2026-01-05T23:00:00.000+00:00",
"number": "2",
"summary": "Referenz(en) aufgenommen: EUVD-2026-0891, EUVD-2026-0890, EUVD-2026-0889, EUVD-2026-0888, EUVD-2026-0887, EUVD-2026-0886, EUVD-2026-0885, EUVD-2026-0884, EUVD-2026-0883, EUVD-2026-0881, EUVD-2026-0896, EUVD-2026-0895, EUVD-2026-0894, EUVD-2026-0893, EUVD-2026-0892, EUVD-2026-0882"
},
{
"date": "2026-01-07T23:00:00.000+00:00",
"number": "3",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-01-13T23:00:00.000+00:00",
"number": "4",
"summary": "Neue Updates aufgenommen"
},
{
"date": "2026-01-14T23:00:00.000+00:00",
"number": "5",
"summary": "Neue Updates von openSUSE aufgenommen"
},
{
"date": "2026-01-25T23:00:00.000+00:00",
"number": "6",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-26T23:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von SUSE aufgenommen"
},
{
"date": "2026-01-28T23:00:00.000+00:00",
"number": "8",
"summary": "Neue Updates von SUSE aufgenommen"
}
],
"status": "final",
"version": "8"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "3",
"product": {
"name": "Microsoft Azure Linux 3.0",
"product_id": "1816984",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:3.0"
}
}
},
{
"category": "product_version",
"name": "azl3 kernel 6.6.117.1-1 on 3.0",
"product": {
"name": "Microsoft Azure Linux azl3 kernel 6.6.117.1-1 on 3.0",
"product_id": "T049872",
"product_identification_helper": {
"cpe": "cpe:/o:microsoft:azure_linux:azl3_kernel_6.6.117.1-1_on_3.0"
}
}
}
],
"category": "product_name",
"name": "Azure Linux"
}
],
"category": "vendor",
"name": "Microsoft"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source Linux Kernel",
"product": {
"name": "Open Source Linux Kernel",
"product_id": "6368",
"product_identification_helper": {
"cpe": "cpe:/o:linux:linux_kernel:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
},
{
"category": "product_name",
"name": "SUSE openSUSE",
"product": {
"name": "SUSE openSUSE",
"product_id": "T027843",
"product_identification_helper": {
"cpe": "cpe:/o:suse:opensuse:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2025-68751",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68751"
},
{
"cve": "CVE-2025-68752",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68752"
},
{
"cve": "CVE-2025-68753",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68753"
},
{
"cve": "CVE-2025-68754",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68754"
},
{
"cve": "CVE-2025-68755",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68755"
},
{
"cve": "CVE-2025-68756",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68756"
},
{
"cve": "CVE-2025-68757",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68757"
},
{
"cve": "CVE-2025-68758",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68758"
},
{
"cve": "CVE-2025-68759",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68759"
},
{
"cve": "CVE-2025-68760",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68760"
},
{
"cve": "CVE-2025-68761",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68761"
},
{
"cve": "CVE-2025-68762",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68762"
},
{
"cve": "CVE-2025-68763",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68763"
},
{
"cve": "CVE-2025-68764",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68764"
},
{
"cve": "CVE-2025-68765",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68765"
},
{
"cve": "CVE-2025-68766",
"product_status": {
"known_affected": [
"T002207",
"1816984",
"6368",
"T027843",
"T049872"
]
},
"release_date": "2026-01-04T23:00:00.000+00:00",
"title": "CVE-2025-68766"
}
]
}
GHSA-28VG-CXP3-45WQ
Vulnerability from github – Published: 2026-01-05 12:30 – Updated: 2026-01-11 18:30
VLAI?
Details
In the Linux kernel, the following vulnerability has been resolved:
crypto: starfive - Correctly handle return of sg_nents_for_len
The return value of sg_nents_for_len was assigned to an unsigned long in starfive_hash_digest, causing negative error codes to be converted to large positive integers.
Add error checking for sg_nents_for_len and return immediately on failure to prevent potential buffer overflows.
{
"affected": [],
"aliases": [
"CVE-2025-68763"
],
"database_specific": {
"cwe_ids": [],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2026-01-05T10:15:57Z",
"severity": null
},
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\ncrypto: starfive - Correctly handle return of sg_nents_for_len\n\nThe return value of sg_nents_for_len was assigned to an unsigned long\nin starfive_hash_digest, causing negative error codes to be converted\nto large positive integers.\n\nAdd error checking for sg_nents_for_len and return immediately on\nfailure to prevent potential buffer overflows.",
"id": "GHSA-28vg-cxp3-45wq",
"modified": "2026-01-11T18:30:29Z",
"published": "2026-01-05T12:30:29Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-68763"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/0c3854d65cc4402cb8c52d4d773450a06efecab6"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/1af5c973dd744e29fa22121f43e8646b7a7a71a7"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/6cd14414394b4f3d6e1ed64b8241d1fcc2271820"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/9b3f71cf02e04cfaa482155e3078707fe7f8aef4"
},
{
"type": "WEB",
"url": "https://git.kernel.org/stable/c/e9eb52037a529fbb307c290e9951a62dd728b03d"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…