Msrc Azl3 Kernel 6.6.117.1-1 On Azure Linux 3.0 vulnerabilities

CVE-2025-68193 [CRITICAL] drm/xe/guc: Add devm release action to safely tear down CT drm/xe/guc: Add devm release action to safely tear down CT Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-40262 [CRITICAL] Input: imx_sc_key - fix memory corruption on unload Input: imx_sc_key - fix memory corruption on unload Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-40242 [CRITICAL] gfs2: Fix unlikely race in gdlm_put_lock gfs2: Fix unlikely race in gdlm_put_lock Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68206 [CRITICAL] netfilter: nft_ct: add seqadj extension for natted connections netfilter: nft_ct: add seqadj extension for natted connections Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-40251 [MEDIUM] devlink: rate: Unset parent pointer in devl_rate_nodes_destroy devlink: rate: Unset parent pointer in devl_rate_nodes_destroy Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68287 [HIGH] usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths usb: dwc3: Fix race condition between concurrent dwc3_remove_requests() call paths Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68303 [HIGH] platform/x86: intel: punit_ipc: fix memory corruption platform/x86: intel: punit_ipc: fix memory corruption Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68188 [HIGH] tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68255 [HIGH] staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing staging: rtl8723bs: fix stack buffer overflow in OnAssocReq IE parsing Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68174 [HIGH] amd/amdkfd: enhance kfd process check in switch partition amd/amdkfd: enhance kfd process check in switch partition Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-40266 [HIGH] KVM: arm64: Check the untrusted offset in FF-A memory share KVM: arm64: Check the untrusted offset in FF-A memory share Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68231 [HIGH] mm/mempool: fix poisoning order>0 pages with HIGHMEM mm/mempool: fix poisoning order>0 pages with HIGHMEM Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68380 [HIGH] wifi: ath11k: fix peer HE MCS assignment wifi: ath11k: fix peer HE MCS assignment Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68285 [HIGH] libceph: fix potential use-after-free in have_mon_and_osd_map() libceph: fix potential use-after-free in have_mon_and_osd_map() Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68196 [HIGH] drm/amd/display: Cache streams targeting link when performing LT automation drm/amd/display: Cache streams targeting link when performing LT automation Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68290 [HIGH] most: usb: fix double free on late probe failure most: usb: fix double free on late probe failure Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68283 [HIGH] libceph: replace BUG_ON with bounds check for map->max_osd libceph: replace BUG_ON with bounds check for map->max_osd Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68729 [HIGH] wifi: ath12k: Fix MSDU buffer types handling in RX error path wifi: ath12k: Fix MSDU buffer types handling in RX error path Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-40258 [HIGH] mptcp: fix race condition in mptcp_schedule_work() mptcp: fix race condition in mptcp_schedule_work() Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68254 [HIGH] staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade