VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6

Vulnerabilities (4,170)

  • CVE-2025-39681MedSep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU in

  • CVE-2025-39676MedSep 5, 2025
    affected < 6.4.0-150600.23.78.1fixed 6.4.0-150600.23.78.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error point

  • CVE-2025-39675MedSep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The re

  • CVE-2025-39673MedSep 5, 2025
    affected < 6.4.0-150600.23.78.1fixed 6.4.0-150600.23.78.1

    In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held

  • CVE-2025-38736HigSep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this

  • CVE-2025-38735MedSep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: gve: prevent ethtool ops after shutdown A crash can occur if an ethtool operation is invoked after shutdown() is called. shutdown() is invoked during system shutdown to stop DMA operations without performing e

  • CVE-2025-38732MedSep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject: don't leak dst refcount for loopback packets recent patches to add a WARN() when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include

  • CVE-2025-39726Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of

  • CVE-2025-39721Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - flush misc workqueue during device shutdown Repeated loading and unloading of a device specific QAT driver, for example qat_4xxx, in a tight loop can lead to a crash due to a use-after-free scenar

  • CVE-2025-39705Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix a Null pointer dereference vulnerability [Why] A null pointer dereference vulnerability exists in the AMD display driver's (DC module) cleanup function dc_destruct(). When display control c

  • CVE-2025-39679Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it

  • CVE-2025-39678Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/hsmp: Ensure sock->metric_tbl_addr is non-NULL If metric table address is not allocated, accessing metrics_bin will result in a NULL pointer dereference, so add a check.

  • CVE-2025-39677Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The p

  • CVE-2025-38734Sep 5, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0 [ 16.447134] #PF: supervisor read acce

  • CVE-2025-38729HigSep 4, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.

  • CVE-2025-38728HigSep 4, 2025
    affected < 6.4.0-150600.23.84.1fixed 6.4.0-150600.23.84.1

    In the Linux kernel, the following vulnerability has been resolved: smb3: fix for slab out of bounds on mount to ksmbd With KASAN enabled, it is possible to get a slab out of bounds during mount to ksmbd due to missing check in parse_server_interfaces() (see below): BUG: KASA

  • CVE-2025-38727MedSep 4, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem < READ_ONCE(sk->sk_rcvbuf) to check if the ju

  • CVE-2025-38725MedSep 4, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-

  • CVE-2025-38724HigSep 4, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c

  • CVE-2025-38721MedSep 4, 2025
    affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res < 0) { nf_conntrack_get(&ct->ct_general); // HERE c

Page 46 of 209