rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
Vulnerabilities (4,170)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38680 | Hig | 7.1 | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), buf the function ac | |
| CVE-2025-38679 | Hig | 7.1 | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by | |
| CVE-2025-38730 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r | ||
| CVE-2025-38722 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine for the case when all we are doing is returning that descripto | ||
| CVE-2025-38718 | — | < 6.4.0-150600.23.78.1 | 6.4.0-150600.23.78.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti | ||
| CVE-2025-38709 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device | ||
| CVE-2025-38705 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer derefer | ||
| CVE-2025-38692 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system corruption. (1) Condition for exfat_count_dir_entries() to loop infinitely. - The | ||
| CVE-2025-38678 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Sep 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo | ||
| CVE-2024-58240 | Hig | 7.8 | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Aug 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and ret | |
| CVE-2025-38676 | Hig | 7.8 | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Aug 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximu | |
| CVE-2025-38670 | Hig | 7.1 | < 6.4.0-150600.23.70.1 | 6.4.0-150600.23.70.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those tw | |
| CVE-2025-38659 | Med | 5.5 | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a | |
| CVE-2025-38671 | — | < 6.4.0-150600.23.70.1 | 6.4.0-150600.23.70.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c | ||
| CVE-2025-38668 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed | ||
| CVE-2025-38665 | — | < 6.4.0-150600.23.70.1 | 6.4.0-150600.23.70.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement t | ||
| CVE-2025-38664 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. | ||
| CVE-2025-38663 | — | < 6.4.0-150600.23.70.1 | 6.4.0-150600.23.70.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when read | ||
| CVE-2025-38660 | — | < 6.4.0-150600.23.73.1 | 6.4.0-150600.23.73.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem | ||
| CVE-2025-38656 | — | < 6.4.0-150600.23.70.1 | 6.4.0-150600.23.70.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing err |
- affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), buf the function ac
- affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by
- CVE-2025-38730Sep 4, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r
- CVE-2025-38722Sep 4, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine for the case when all we are doing is returning that descripto
- CVE-2025-38718Sep 4, 2025affected < 6.4.0-150600.23.78.1fixed 6.4.0-150600.23.78.1
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti
- CVE-2025-38709Sep 4, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device
- CVE-2025-38705Sep 4, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer derefer
- CVE-2025-38692Sep 4, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system corruption. (1) Condition for exfat_count_dir_entries() to loop infinitely. - The
- CVE-2025-38678Sep 3, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo
- affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and ret
- affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximu
- affected < 6.4.0-150600.23.70.1fixed 6.4.0-150600.23.70.1
In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those tw
- affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a
- CVE-2025-38671Aug 22, 2025affected < 6.4.0-150600.23.70.1fixed 6.4.0-150600.23.70.1
In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c
- CVE-2025-38668Aug 22, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed
- CVE-2025-38665Aug 22, 2025affected < 6.4.0-150600.23.70.1fixed 6.4.0-150600.23.70.1
In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement t
- CVE-2025-38664Aug 22, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
- CVE-2025-38663Aug 22, 2025affected < 6.4.0-150600.23.70.1fixed 6.4.0-150600.23.70.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when read
- CVE-2025-38660Aug 22, 2025affected < 6.4.0-150600.23.73.1fixed 6.4.0-150600.23.73.1
In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem
- CVE-2025-38656Aug 22, 2025affected < 6.4.0-150600.23.70.1fixed 6.4.0-150600.23.70.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing err
Page 48 of 209