VYPR

rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Server for SAP applications 16.0

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20applications%2016.0

Vulnerabilities (594)

  • CVE-2025-40214Dec 4, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Initialise scc_index in unix_add_edge(). Quang Le reported that the AF_UNIX GC could garbage-collect a receive queue of an alive in-flight socket, with a nice repro. The repro consists of three stages

  • CVE-2025-40213Nov 24, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: fix crash in set_mesh_sync and set_mesh_complete There is a BUG: KASAN: stack-out-of-bounds in set_mesh_sync due to memcpy from badly declared on-stack flexible array. Another crash is in set_

  • CVE-2025-40212Nov 24, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix refcount leak in nfsd_set_fh_dentry() nfsd exports a "pseudo root filesystem" which is used by NFSv4 to find the various exported filesystems using LOOKUP requests from a known root filehandle. NFSv3

  • CVE-2025-40211Nov 21, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ACPI: video: Fix use-after-free in acpi_video_switch_brightness() The switch_brightness_work delayed work accesses device->brightness and device->backlight, freed by acpi_video_dev_unregister_backlight() during

  • CVE-2025-40209Nov 21, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak of qgroup_list in btrfs_add_qgroup_relation When btrfs_add_qgroup_relation() is called with invalid qgroup levels (src >= dst), the function returns -EINVAL directly without freeing the p

  • CVE-2025-40195Nov 12, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: mount: handle NULL values in mnt_ns_release() When calling in listmount() mnt_ns_release() may be passed a NULL pointer. Handle that case gracefully.

  • CVE-2025-40190Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: guard against EA inode refcount underflow in xattr update syzkaller found a path where ext4_xattr_inode_update_ref() reads an EA inode refcount that is already <= 0 and then applies ref_change (often -1).

  • CVE-2025-40179Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: verify orphan file size is not too big In principle orphan file can be arbitrarily large. However orphan replay needs to traverse it all and we also pin all its buffers in memory. Thus filesystems with ab

  • CVE-2025-40170Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: net: use dst_dev_rcu() in sk_setup_caps() Use RCU to protect accesses to dst->dev from sk_setup_caps() and sk_dst_gso_max_size(). Also use dst_dev_rcu() in ip6_dst_mtu_maybe_forward(), and ip_dst_mtu_maybe_for

  • CVE-2025-40167Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: detect invalid INLINE_DATA + EXTENTS flag combination syzbot reported a BUG_ON in ext4_es_cache_extent() when opening a verity file on a corrupted ext4 filesystem mounted without a journal. The issue is

  • CVE-2025-40160Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: xen/events: Return -EEXIST for bound VIRQs Change find_virq() to return -EEXIST when a VIRQ is bound to a different CPU than the one passed in. With that, remove the BUG_ON() from bind_virq_to_irq() to propoga

  • CVE-2025-40147Nov 12, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: blk-throttle: fix access race during throttle policy activation On repeated cold boots we occasionally hit a NULL pointer crash in blk_should_throtl() when throttling is consulted before the throttle policy is

  • CVE-2025-40130Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Fix data race in CPU latency PM QoS request handling The cpu_latency_qos_add/remove/update_request interfaces lack internal synchronization by design, requiring the caller to ensure thread safe

  • CVE-2025-40123Nov 12, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp() function within the Li

  • CVE-2025-40106Oct 31, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in comedi_buf_munge() The comedi_buf_munge() function performs a modulo operation `async->munge_chan %= async->cmd.chanlist_len` without first checking if chanlist_len is zero. If a u

  • CVE-2025-40103Oct 30, 2025
    affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount inconsistency issues related to `cifs_sb_tlink`. Comments for `cifs_sb_tlink` state that `cifs_put_tlink()` needs to be called after successf

  • CVE-2025-40099Oct 30, 2025
    affected < 6.12.0-160000.27.1fixed 6.12.0-160000.27.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB server can send invalid reply to FSCTL_DFS_GET_REFERRALS - reply smaller than sizeof(struct get_dfs_referral_rsp) - reply with number of

  • CVE-2025-40097Oct 30, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix missing pointer check in hda_component_manager_init function The __component_match_add function may assign the 'matchptr' pointer the value ERR_PTR(-ENOMEM), which will subsequently be dereferenc

  • CVE-2025-40045Oct 28, 2025
    affected < 6.12.0-160000.26.1fixed 6.12.0-160000.26.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd937x: set the comp soundwire port correctly For some reason we endup with setting soundwire port for HPHL_COMP and HPHR_COMP as zero, this can potentially result in a memory corruption due to a

  • CVE-2025-40042Oct 28, 2025
    affected < 6.12.0-160000.9.1fixed 6.12.0-160000.9.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Fix race condition in kprobe initialization causing NULL pointer dereference There is a critical race condition in kprobe initialization that can lead to NULL pointer dereference and kernel crash. [11

Page 27 of 30