- proxmox-kernel-6.8.12-10-pve_6.8.12-10 (pve-8)
- proxmox-kernel-6.8.12-10-pve_6.8.12-10
- 2025-07-15 14:14:18
- 2025-07-16 13:12:35
- K20250715_08
- CVE-2025-21683
- Description:
bpf: Fix bpf_sk_select_reuseport() memory leak
- CVE: https://ubuntu.com/security/CVE-2025-21683
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21683-bpf-fix-bpf-sk-select-reuseport-memory-leak.patch
- From: 6.8.0-62.65
- CVE-2025-21680
- Description:
pktgen: Avoid out-of-bounds access in get_imix_entries
- CVE: https://ubuntu.com/security/CVE-2025-21680
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21680-pktgen-avoid-out-of-bounds-access-in-get-imix-entries.patch
- From: 6.8.0-62.65
- CVE-2025-21676
- Description:
net: fec: handle page_pool_dev_alloc_pages error
- CVE: https://ubuntu.com/security/CVE-2025-21676
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21676-net-fec-handle-page-pool-dev-alloc-pages-error.patch
- From: 6.8.0-62.65
- CVE-2025-21675
- Description:
net/mlx5: Clear port select structure when fail to create
- CVE: https://ubuntu.com/security/CVE-2025-21675
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21675-net-mlx5-clear-port-select-structure-when-fail-to-create.patch
- From: 6.8.0-62.65
- CVE-2025-21674
- Description:
net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel
- CVE: https://ubuntu.com/security/CVE-2025-21674
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21674-net-mlx5e-fix-inversion-dependency-warning-while-enabling-ipsec-tunnel.patch
- From: 6.8.0-62.65
- CVE-2025-21697
- Description:
drm/v3d: Ensure job pointer is set to NULL after job completion
- CVE: https://ubuntu.com/security/CVE-2025-21697
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21697-drm-v3d-ensure-job-pointer-is-set-to-null-after-job-completion.patch
- From: 6.8.0-62.65
- CVE-2025-21665
- Description:
filemap: avoid truncating 64-bit offset to 32 bits
- CVE: https://ubuntu.com/security/CVE-2025-21665
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21665-filemap-avoid-truncating-64-bit-offset-to-32-bits.patch
- From: 6.8.0-62.65
- CVE-2025-21692
- Description:
net: sched: fix ets qdisc OOB Indexing
- CVE: https://ubuntu.com/security/CVE-2025-21692
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21692-net-sched-fix-ets-qdisc-oob-indexing.patch
- From: 6.8.0-62.65
- CVE-2025-21691
- Description:
cachestat: fix page cache statistics permission checking
- CVE: https://ubuntu.com/security/CVE-2025-21691
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2025-21691-cachestat-fix-page-cache-statistics-permission-checking.patch
- From: 6.8.0-62.65
- CVE-2024-57951
- Description:
hrtimers: Handle CPU state correctly on hotplug
- CVE: https://ubuntu.com/security/CVE-2024-57951
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2024-57951-hrtimers-handle-cpu-state-correctly-on-hotplug.patch
- From: 6.8.0-62.65
- CVE-2024-57951
- Description:
hrtimers: Handle CPU state correctly on hotplug
- CVE: https://ubuntu.com/security/CVE-2024-57951
- Patch: ubuntu-noble/6.8.0-62.65/CVE-2024-57951-hrtimers-handle-cpu-state-correctly-on-hotplug-kpatch.patch
- From: 6.8.0-62.65
- CVE-2025-22088
- Description:
RDMA/erdma: Prevent use-after-free in erdma_accept_newconn()
- CVE: https://ubuntu.com/security/CVE-2025-22088
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-22088-rdma-erdma-prevent-use-after-free-in-erdma-accept-newconn.patch
- From: 6.8.0-63.66
- CVE-2025-37932
- Description:
sch_htb: make htb_qlen_notify() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37932
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37932-sch-htb-make-htb-qlen-notify-idempotent.patch
- From: 6.8.0-63.66
- CVE-2025-37997
- Description:
netfilter: ipset: fix region locking in hash types
- CVE: https://ubuntu.com/security/CVE-2025-37997
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37997-netfilter-ipset-fix-region-locking-in-hash-types.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog()
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-codel-remove-sch-q-qlen-check-before-qdisc-tree-reduce-backlog.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
sch_htb: make htb_deactivate() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-sch-htb-make-htb-deactivate-idempotent.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
sch_drr: make drr_qlen_notify() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-sch-drr-make-drr-qlen-notify-idempotent.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
sch_hfsc: make hfsc_qlen_notify() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-sch-hfsc-make-hfsc-qlen-notify-idempotent.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
sch_qfq: make qfq_qlen_notify() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-sch-qfq-make-qfq-qlen-notify-idempotent.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
sch_qfq: make qfq_qlen_notify() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-sch-qfq-make-qfq-qlen-notify-idempotent-kpatch.patch
- From: 6.8.0-63.66
- CVE-2025-37798
- Description:
sch_ets: make est_qlen_notify() idempotent
- CVE: https://ubuntu.com/security/CVE-2025-37798
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37798-sch-ets-make-est-qlen-notify-idempotent.patch
- From: 6.8.0-63.66
- CVE-2025-37890
- Description:
net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc
- CVE: https://ubuntu.com/security/CVE-2025-37890
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-37890-net-sched-hfsc-fix-a-uaf-vulnerability-in-class-with-netem-as-child-qdisc.patch
- From: 6.8.0-63.66
- CVE-2025-38000
- Description:
sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue()
- CVE: https://ubuntu.com/security/CVE-2025-38000
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-38000-sch-hfsc-fix-qlen-accounting-bug-when-using-peek-in-hfsc-enqueue.patch
- From: 6.8.0-63.66
- CVE-2025-38001
- Description:
net_sched: hfsc: Address reentrant enqueue adding class to eltree twice
- CVE: https://ubuntu.com/security/CVE-2025-38001
- Patch: ubuntu-noble/6.8.0-63.66/CVE-2025-38001-net-sched-hfsc-address-reentrant-enqueue-adding-class-to-eltree-twice.patch
- From: 6.8.0-63.66