rpm package
suse/kernel-64kb&distro=SUSE Linux Enterprise Server 15 SP6-LTSS
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP6-LTSS
Vulnerabilities (421)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23001 | Hig | 7.8 | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace | |
| CVE-2026-22999 | Hig | 7.8 | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF. | |
| CVE-2025-71147 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 23, 2026 | In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with | ||
| CVE-2025-71136 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays. | ||
| CVE-2025-71120 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres | ||
| CVE-2025-71113 | — | < 6.4.0-150600.23.92.1 | 6.4.0-150600.23.92.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitl | ||
| CVE-2025-71112 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V | ||
| CVE-2025-71111 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Che | ||
| CVE-2025-71089 | Hig | 7.8 | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). | |
| CVE-2025-71066 | Hig | 7.5 | < 6.4.0-150600.23.92.1 | 6.4.0-150600.23.92.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch | |
| CVE-2025-68819 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger | ||
| CVE-2025-68813 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_ | ||
| CVE-2025-68808 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/ | ||
| CVE-2025-68804 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn | ||
| CVE-2025-68775 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshake_net->hn_requests list, but it is still present in the handshake_rhashtbl until | ||
| CVE-2025-71085 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t | ||
| CVE-2025-71083 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted. When devcoredump tries to read the content | ||
| CVE-2025-71081 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe. Make s | ||
| CVE-2025-71078 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache i | ||
| CVE-2025-68766 | — | < 6.4.0-150600.23.84.1 | 6.4.0-150600.23.84.1 | Jan 5, 2026 | In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access. The code checks for invalid values |
- affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace
- affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.
- CVE-2025-71147Jan 23, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: KEYS: trusted: Fix a memory leak in tpm2_load_cmd 'tpm2_load_cmd' allocates a tempoary blob indirectly via 'tpm2_key_decode' but it is not freed in the failure paths. Address this by wrapping the blob into with
- CVE-2025-71136Jan 14, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: media: adv7842: Avoid possible out-of-bounds array accesses in adv7842_cp_log_status() It's possible for cp_read() and hdmi_read() to return -EIO. Those values are further used as indexes for accessing arrays.
- CVE-2025-71120Jan 14, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres
- CVE-2025-71113Jan 14, 2026affected < 6.4.0-150600.23.92.1fixed 6.4.0-150600.23.92.1
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc Several crypto user API contexts and requests allocated with sock_kmalloc() were left uninitialized, relying on callers to set fields explicitl
- CVE-2025-71112Jan 14, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V
- CVE-2025-71111Jan 14, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: (w83791d) Convert macros to functions to avoid TOCTOU The macro FAN_FROM_REG evaluates its arguments multiple times. When used in lockless contexts involving shared driver data, this leads to Time-of-Che
- affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA).
- affected < 6.4.0-150600.23.92.1fixed 6.4.0-150600.23.92.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch
- CVE-2025-68819Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger
- CVE-2025-68813Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_
- CVE-2025-68808Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/
- CVE-2025-68804Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn
- CVE-2025-68775Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: net/handshake: duplicate handshake cancellations leak socket When a handshake request is cancelled it is removed from the handshake_net->hn_requests list, but it is still present in the handshake_rhashtbl until
- CVE-2025-71085Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t
- CVE-2025-71083Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: drm/ttm: Avoid NULL pointer deref for evicted BOs It is possible for a BO to exist that is not currently associated with a resource, e.g. because it has been evicted. When devcoredump tries to read the content
- CVE-2025-71081Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: stm32: sai: fix OF node leak on probe The reference taken to the sync provider OF node when probing the platform device is currently only dropped if the set_sync() callback fails during DAI probe. Make s
- CVE-2025-71078Jan 13, 2026affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/slb: Fix SLB multihit issue during SLB preload On systems using the hash MMU, there is a software SLB preload cache that mirrors the entries loaded into the hardware SLB buffer. This preload cache i
- CVE-2025-68766Jan 5, 2026affected < 6.4.0-150600.23.84.1fixed 6.4.0-150600.23.84.1
In the Linux kernel, the following vulnerability has been resolved: irqchip/mchp-eic: Fix error code in mchp_eic_domain_alloc() If irq_domain_translate_twocell() sets "hwirq" to >= MCHP_EIC_NIRQ (2) then it results in an out of bounds access. The code checks for invalid values
Page 3 of 22