Msrc Azl3 Kernel 6.6.119.3-3 On Azure Linux 3.0 vulnerabilities

CVE-2025-68206 [CRITICAL] netfilter: nft_ct: add seqadj extension for natted connections netfilter: nft_ct: add seqadj extension for natted connections Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68188 [HIGH] tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68174 [HIGH] amd/amdkfd: enhance kfd process check in switch partition amd/amdkfd: enhance kfd process check in switch partition Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68196 [HIGH] drm/amd/display: Cache streams targeting link when performing LT automation drm/amd/display: Cache streams targeting link when performing LT automation Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68254 [HIGH] staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing staging: rtl8723bs: fix out-of-bounds read in OnBeacon ESR IE parsing Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68265 [HIGH] nvme: fix admin request_queue lifetime nvme: fix admin request_queue lifetime Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68190 [HIGH] drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68304 [HIGH] Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Bluetooth: hci_core: lookup hci_conn on RX path on protocol side Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68261 [HIGH] ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() ext4: add i_data_sem protection in ext4_destroy_inline_data_nolock() Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68372 [MEDIUM] nbd: defer config put in recv_work nbd: defer config put in recv_work Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68724 [MEDIUM] crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-40339 [MEDIUM] drm/amdgpu: fix nullptr err of vm_handle_moved drm/amdgpu: fix nullptr err of vm_handle_moved Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-40332 [MEDIUM] drm/amdkfd: Fix mmap write lock not release drm/amdkfd: Fix mmap write lock not release Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68334 [MEDIUM] platform/x86/amd/pmc: Add support for Van Gogh SoC platform/x86/amd/pmc: Add support for Van Gogh SoC Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68209 [MEDIUM] mlx5: Fix default values in create CQ mlx5: Fix default values in create CQ Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68347 [MEDIUM] ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events ALSA: firewire-motu: fix buffer overflow in hwdep read for DSP events Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-68338 [MEDIUM] net: dsa: microchip: Don't free uninitialized ksz_irq net: dsa: microchip: Don't free uninitialized ksz_irq Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68732 [MEDIUM] gpu: host1x: Fix race in syncpt alloc/free gpu: host1x: Fix race in syncpt alloc/free Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade

CVE-2025-40335 [MEDIUM] drm/amdgpu: validate userq input args drm/amdgpu: validate userq input args Mariner: Mariner Linux: Linux Customer Action Required: Yes

CVE-2025-68259 [MEDIUM] KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced KVM: SVM: Don't skip unrelated instruction if INT3/INTO is replaced Mariner: Mariner Linux: Linux Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade