USN-7938-1 linux-azure-5.15 vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

CVE-2025-68251

In the Linux kernel, the following vulnerability has been resolved: erofs: avoid infinite loops due to corrupted subpage compact indexes Robert reported an infinite loop observed by two crafted images. The root cause is that clusterofs can be larger than lclustersize for !NONHEAD lclusters in...

CVE-2025-68243

The CVE affects the Linux kernel NFS client TLS/X.509 handling in nfs_match_client(). When RPC_XPRTSEC_TLS_X509 is used, the cert_serial and privkey_serial fields must match to validate the client identity; otherwise, there can be unintended session reuse. The issue has been resolved in the Linux...

CVE-2025-68243 NFS: Check the TLS certificate fields in nfs_match_client()

In the Linux kernel, the following vulnerability has been resolved: NFS: Check the TLS certificate fields in nfsmatchclient If the TLS security policy is of type RPCXPRTSECTLSX509, then the certserial and privkeyserial fields need to match as well since they define the client's identity, as...

CVE-2025-68242 NFS: Fix LTP test failures when timestamps are delegated

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

CVE-2025-68242 NFS: Fix LTP test failures when timestamps are delegated

In the Linux kernel, the following vulnerability has been resolved: NFS: Fix LTP test failures when timestamps are delegated The utimes01 and utime06 tests fail when delegated timestamps are enabled, specifically in subtests that modify the atime and mtime fields using the 'nobody' user ID. The...

CVE-2025-68242

CVE-2025-68242 concerns the Linux kernel NFS attribute handling. The description notes that when delegated timestamps are allowed, the kernel’s nfs_setattr does not verify the inode UID against the caller’s fsuid, leading to failures in LTP tests utimes01/utime06 (the tests modify atime/mtime usi...

CVE-2025-68219

In the Linux kernel, the following vulnerability has been resolved: cifs: fix memory leak in smb3fscontextparseparam error path Add proper cleanup of ctx-source and fc-source to the cifsparsemounterr error handler. This ensures that memory allocated for the source strings is correctly freed on al...

CVE-2025-40362

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...

CVE-2025-68168

In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit was not properly initializing TxBlock0.waitor waitqueue, causing a crash when txEnd0 is called on read-only filesystems. Whe...

CVE-2025-68185

In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy...

CVE-2025-68185 nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing

In the Linux kernel, the following vulnerability has been resolved: nfs4setupreaddir: insufficient locking for -dparent-dinode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, but it still won't be easy...

CVE-2025-40362 ceph: fix multifs mds auth caps issue

In the Linux kernel, the following vulnerability has been resolved: ceph: fix multifs mds auth caps issue The mds auth caps check should also validate the fsname along with the associated caps. Not doing so would result in applying the mds auth caps of one fs on to the other fs in a multifs ceph...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from NFS not verifying UID and fsuid matches, which could lead to timestamp delegation privilege issues...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from nfsmatchclient not checking the TLS certificate field, which could lead to client authentication issues...

PT-2025-51803

Name of the Vulnerable Software and Affected Versions ipfw versions affected versions not specified Description The tcp-setmss handler may free packet data and generate an error without stopping rule processing. A subsequent rule could then allow traffic to pass after the packet data is removed,...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from bfs not properly rebuilding file types when loading from disk...

Linux Distros Unpatched Vulnerability : CVE-2025-68168

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit was not properly initializing TxBlock0.waitor waitqueue...

Linux Distros Unpatched Vulnerability : CVE-2025-68261

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ext4: add idatasem protection in ext4destroyinlinedatanolock Fix a race between inline data destruction and block mapping. The function...

Linux Distros Unpatched Vulnerability : CVE-2025-68299

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - afs: Fix delayed allocation of a cell's anonymous key The allocation of a cell's anonymous key is done in a background thread along with other cell setup such a...