suse/kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7

Vulnerabilities (2,269)

• CVE-2025-21836Mar 7, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: io_uring/kbuf: reallocate buf lists on upgrade IORING_REGISTER_PBUF_RING can reuse an old struct io_buffer_list if it was created for legacy selected buffer and has been emptied. It violates the requirement tha

• CVE-2025-21833Mar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid use of NULL after WARN_ON_ONCE There is a WARN_ON_ONCE to catch an unlikely situation when domain_remove_dev_pasid can't find the `pasid`. In case it nevertheless happens we must avoid using a

• CVE-2025-21832Mar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero (where bigger than m

• CVE-2024-58071MedMar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: team: prevent adding a device which is already a team device lower Prevent adding a device which is already a team device lower, e.g. adding veth0 if vlan1 was already added and veth0 is a lower of vlan1. This

• CVE-2024-58083Mar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will

• CVE-2024-58077Mar 6, 2025
  affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1

  In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-pcm: don't use soc_pcm_ret() on .prepare callback commit 1f5664351410 ("ASoC: lower "no backend DAIs enabled for ... Port" log severity") ignores -EINVAL error message on common soc_pcm_ret(). It is u

• CVE-2024-58074Mar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: drm/i915: Grab intel_display from the encoder to avoid potential oopsies Grab the intel_display from 'encoder' rather than 'state' in the encoder hooks to avoid the massive footgun that is intel_sanitize_encode

• CVE-2024-58070Mar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible context. bpf_mem_alloc must be used in PREEMPT_RT. This patch is to enforce

• CVE-2024-58068Mar 6, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: OPP: fix dev_pm_opp_find_bw_*() when bandwidth table not initialized If a driver calls dev_pm_opp_find_bw_ceil/floor() the retrieve bandwidth from the OPP table but the bandwidth table was not created because t

• CVE-2024-58062Mar 6, 2025
  affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: avoid NULL pointer dereference When iterating over the links of a vif, we need to make sure that the pointer is valid (in other words - that the link exists) before dereferncing it. Use for_

• CVE-2024-58053Mar 6, 2025
  affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1

  In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix handling of received connection abort Fix the handling of a connection abort that we've received. Though the abort is at the connection level, it needs propagating to the calls on that connection.

• CVE-2025-21814MedFeb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affecte

• CVE-2025-21806MedFeb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: net: let net.core.dev_weight always be non-zero The following problem was encountered during stability test: (NULL net_device): NAPI poll function process_backlog+0x0/0x530 \ returned 1, exceeding its budget

• CVE-2025-21824Feb 27, 2025
  affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1

  In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a use of uninitialized mutex commit c8347f915e67 ("gpu: host1x: Fix boot regression for Tegra") caused a use of uninitialized mutex leading to below warning when CONFIG_DEBUG_MUTEXES and CONFIG

• CVE-2025-21821Feb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: fbdev: omap: use threaded IRQ for LCD DMA When using touchscreen and framebuffer, Nokia 770 crashes easily with: BUG: scheduling while atomic: irq/144-ads7846/82/0x00010000 Modules linked in: usb_f_ecm

• CVE-2025-21812Feb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible cir

• CVE-2025-21808Feb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: net: xdp: Disallow attaching device-bound programs in generic mode Device-bound programs are used to support RX metadata kfuncs. These kfuncs are driver-specific and rely on the driver context to read the metad

• CVE-2025-21805Feb 27, 2025
  affected < 6.4.0-150700.20.6.1fixed 6.4.0-150700.20.6.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs: Add missing deinit() call A warning is triggered when repeatedly connecting and disconnecting the rnbd: list_add corruption. prev->next should be next (ffff88800b13e480), but was ffff88801ecd1338. (

• CVE-2025-21800Feb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: HWS, fix definer's HWS_SET32 macro for negative offset When bit offset for HWS_SET32 macro is negative, UBSAN complains about the shift-out-of-bounds: UBSAN: shift-out-of-bounds in drivers/net/et

• CVE-2025-21796HigFeb 27, 2025
  affected < 6.4.0-150700.20.3.1fixed 6.4.0-150700.20.3.1

  In the Linux kernel, the following vulnerability has been resolved: nfsd: clear acl_access/acl_default after releasing them If getting acl_default fails, acl_access and acl_default will be released simultaneously. However, acl_access will still retain a pointer pointing to the