rpm package
suse/kernel-64kb&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Vulnerabilities (3,752)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-21659 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the | |
| CVE-2025-21658 | Med | 5.5 | < 6.4.0-150600.23.60.4 | 6.4.0-150600.23.60.4 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dere | |
| CVE-2025-21656 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the d | |
| CVE-2024-57946 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM ca | |
| CVE-2024-57940 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will n | |
| CVE-2024-57938 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_i | |
| CVE-2024-57936 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13 | |
| CVE-2024-57935 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed. | |
| CVE-2024-57933 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK p | |
| CVE-2024-57932 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if eit | |
| CVE-2024-57931 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 21, 2025 | In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interferi | |
| CVE-2025-21655 | Med | 4.7 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl | |
| CVE-2023-52923 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage colle | |
| CVE-2024-57929 | Hig | 7.1 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output | |
| CVE-2024-57926 | Hig | 7.8 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private's | |
| CVE-2024-57924 | Med | 5.5 | < 6.4.0-150600.23.50.1 | 6.4.0-150600.23.50.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh() | |
| CVE-2024-57922 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero er | |
| CVE-2024-57917 | Hig | 7.8 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNIN | |
| CVE-2024-57916 | Med | 5.5 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with h | |
| CVE-2024-57913 | Med | 4.7 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Jan 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bi |
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
- affected < 6.4.0-150600.23.60.4fixed 6.4.0-150600.23.60.4
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dere
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: (drivetemp) Fix driver producing garbage data when SCSI errors occur scsi_execute_cmd() function can return both negative (linux codes) and positive (scsi_cmnd result field) error codes. Currently the d
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: virtio-blk: don't keep queue frozen during system suspend Commit 4ce6e2db00de ("virtio-blk: Ensure no requests in virtqueues before deleting vqs.") replaces queue quiesce with queue freeze in virtio-blk's PM ca
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix the infinite loop in exfat_readdir() If the file system is corrupted so that a cluster is linked to itself in the cluster chain, and there is an unused directory entry in the cluster, 'dentry' will n
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: net/sctp: Prevent autoclose integer overflow in sctp_association_init() While by default max_autoclose equals to INT_MAX / HZ, one may set net.sctp.max_autoclose to UINT_MAX. There is code in sctp_association_i
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix max SGEs for the Work Request Gen P7 supports up to 13 SGEs for now. WQE software structure can hold only 6 now. Since the max send sge is reported as 13, the stack can give requests up to 13
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix accessing invalid dip_ctx during destroying QP If it fails to modify QP to RTR, dip_ctx will not be attached. And during detroying QP, the invalid dip_ctx pointer will be accessed.
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: gve: guard XSK operations on the existence of queues This patch predicates the enabling and disabling of XSK pools on the existence of queues. As it stands, if the interface is down, disabling or enabling XSK p
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: gve: guard XDP xmit NDO on existence of xdp queues In GVE, dedicated XDP queues only exist when an XDP program is installed and the interface is up. As such, the NDO XDP XMIT callback should return early if eit
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: selinux: ignore unknown extended permissions When evaluating extended permissions, ignore unknown permissions instead of calling BUG(). This commit ensures that future permissions can be added without interferi
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/eventfd: ensure io_eventfd_signal() defers another RCU period io_eventfd_do_signal() is invoked from an RCU callback, but when dropping the reference to the io_ev_fd, it calls io_eventfd_free() directl
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage colle
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: dm array: fix releasing a faulty array block twice in dm_array_cursor_end When dm_bm_read_lock() fails due to locking or checksum errors, it releases the faulty block implicitly while leaving an invalid output
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Set private->all_drm_private[i]->drm to NULL if mtk_drm_bind returns err The pointer need to be set to NULL, otherwise KASAN complains about use-after-free. Because in mtk_drm_bind, all private's
- affected < 6.4.0-150600.23.50.1fixed 6.4.0-150600.23.50.1
In the Linux kernel, the following vulnerability has been resolved: fs: relax assertions on failure to encode file handles Encoding file handles is usually performed by a filesystem >encode_fh() method that may fail for various reasons. The legacy users of exportfs_encode_fh()
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add check for granularity in dml ceil/floor helpers [Why] Wrapper functions for dcn_bw_ceil2() and dcn_bw_floor2() should check for granularity is non zero to avoid assert and divide-by-zero er
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: topology: Keep the cpumask unchanged when printing cpumap During fuzz testing, the following warning was discovered: different return values (15 and 11) from vsnprintf("%*pbl ", ...) test:keyward is WARNIN
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: Resolve kernel panic during GPIO IRQ handling Resolve kernel panic caused by improper handling of IRQs while accessing GPIO values. This is done by replacing generic_handle_irq with h
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Remove WARN_ON in functionfs_bind This commit addresses an issue related to below kernel panic where panic_on_warn is enabled. It is caused by the unnecessary use of WARN_ON in functionsfs_bi
Page 76 of 188