rpm package
suse/kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7
Vulnerabilities (2,372)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38205 | Med | 5.5 | < 6.4.0-150700.20.15.2 | 6.4.0-150700.20.15.2 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 [Why] If the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated then they can lead to a divide by zero in downstream callers | |
| CVE-2025-38204 | Hig | 7.1 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails | |
| CVE-2025-38203 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0 | |
| CVE-2025-38202 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_look | |
| CVE-2025-38201 | Hig | 7.8 | < 6.4.0-150700.20.15.2 | 6.4.0-150700.20.15.2 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to: | |
| CVE-2025-38200 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde | |
| CVE-2025-38198 | Hig | 7.8 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/ | |
| CVE-2025-38197 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorr | |
| CVE-2025-38194 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doe | |
| CVE-2025-38193 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to mak | |
| CVE-2025-38192 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flips ingress packets from v4 to v6: BUG: kernel NULL pointer dereference, address | |
| CVE-2025-38190 | Med | 5.5 | < 6.4.0-150700.20.15.2 | 6.4.0-150700.20.15.2 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx(). It is expected to be reverted by atm_pop_raw() later called by | |
| CVE-2025-38189 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` The following kernel Oops was recently reported by Mesa CI: [ 800.139824] Unable to handle kernel NULL pointer dereference at virtual addres | |
| CVE-2025-38188 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Calling this packet is necessary when we switch contexts because there are various pieces of state used by userspace to synchronize between BR and BV that are persisten | |
| CVE-2025-38187 | Hig | 7.8 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() The RPC container is released after being passed to r535_gsp_rpc_send(). When sending the initial fragment of a large RPC and passing the caller's RPC c | |
| CVE-2025-38186 | Med | 5.5 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Before the commit under the Fixes tag below, bnxt_ulp_stop() and bnxt_ulp_start() were always invoked in pairs. After that commit, the new bnx | |
| CVE-2025-38185 | Med | 5.5 | < 6.4.0-150700.20.15.2 | 6.4.0-150700.20.15.2 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcp_c_send(). syzbot reported the splat below. [0] vcc_sendmsg() copies data passed from userspace to skb and passes it to vcc->dev->ops->send(). atmtcp_c_send() acc | |
| CVE-2025-38184 | Med | 5.5 | < 6.4.0-150700.20.15.2 | 6.4.0-150700.20.15.2 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started i | |
| CVE-2025-38183 | Hig | 7.8 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum value of PCI11X1X_PTP_IO_M | |
| CVE-2025-38182 | Hig | 7.8 | < 6.4.0-150700.20.11.1 | 6.4.0-150700.20.11.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device. |
- affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid divide by zero by initializing dummy pitch to 1 [Why] If the dummy values in `populate_dummy_dml_surface_cfg()` aren't updated then they can lead to a divide by zero in downstream callers
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_look
- affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: clamp maximum map bucket size to INT_MAX Otherwise, it is possible to hit WARN_ON_ONCE in __kvmalloc_node_noprof() when resizing hashtable because __GFP_NOWARN is unset. Similar to:
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorr
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doe
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to mak
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flips ingress packets from v4 to v6: BUG: kernel NULL pointer dereference, address
- affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2
In the Linux kernel, the following vulnerability has been resolved: atm: Revert atm_account_tx() if copy_from_iter_full() fails. In vcc_sendmsg(), we account skb->truesize to sk->sk_wmem_alloc by atm_account_tx(). It is expected to be reverted by atm_pop_raw() later called by
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Avoid NULL pointer dereference in `v3d_job_update_stats()` The following kernel Oops was recently reported by Mesa CI: [ 800.139824] Unable to handle kernel NULL pointer dereference at virtual addres
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Calling this packet is necessary when we switch contexts because there are various pieces of state used by userspace to synchronize between BR and BV that are persisten
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() The RPC container is released after being passed to r535_gsp_rpc_send(). When sending the initial fragment of a large RPC and passing the caller's RPC c
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Before the commit under the Fixes tag below, bnxt_ulp_stop() and bnxt_ulp_start() were always invoked in pairs. After that commit, the new bnx
- affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2
In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcp_c_send(). syzbot reported the splat below. [0] vcc_sendmsg() copies data passed from userspace to skb and passes it to vcc->dev->ops->send(). atmtcp_c_send() acc
- affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2
In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started i
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum value of PCI11X1X_PTP_IO_M
- affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1
In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device.
Page 84 of 119