rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
Vulnerabilities (4,170)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38008 | — | < 6.4.0-150600.23.78.1 | 6.4.0-150600.23.78.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths t | ||
| CVE-2025-38007 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL | ||
| CVE-2025-38005 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h | ||
| CVE-2025-38004 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jun 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at | ||
| CVE-2025-38003 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jun 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the r | ||
| CVE-2025-38001 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jun 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, | ||
| CVE-2025-38000 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jun 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and | ||
| CVE-2025-37998 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed a | ||
| CVE-2025-37997 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and | ||
| CVE-2025-37995 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path | ||
| CVE-2025-37994 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the p | ||
| CVE-2025-37992 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list. | ||
| CVE-2025-37990 | — | < 6.4.0-150600.23.53.1 | 6.4.0-150600.23.53.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and th | ||
| CVE-2025-37980 | Med | 5.5 | < 6.4.0-150600.23.53.1 | 6.4.0-150600.23.53.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_ | |
| CVE-2025-37968 | Med | 5.5 | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the f | |
| CVE-2025-37989 | — | < 6.4.0-150600.23.53.1 | 6.4.0-150600.23.53.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. Th | ||
| CVE-2025-37987 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the cl | ||
| CVE-2025-37986 | — | < 6.4.0-150600.23.53.1 | 6.4.0-150600.23.53.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistrat | ||
| CVE-2025-37985 | — | < 6.4.0-150600.23.53.1 | 6.4.0-150600.23.53.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned | ||
| CVE-2025-37984 | — | < 6.4.0-150600.23.65.1 | 6.4.0-150600.23.65.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large valu |
- CVE-2025-38008Jun 18, 2025affected < 6.4.0-150600.23.78.1fixed 6.4.0-150600.23.78.1
In the Linux kernel, the following vulnerability has been resolved: mm/page_alloc: fix race condition in unaccepted memory handling The page allocator tracks the number of zones that have unaccepted memory using static_branch_enc/dec() and uses that static branch in hot paths t
- CVE-2025-38007Jun 18, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Add NULL check in uclogic_input_configured() devm_kasprintf() returns NULL when memory allocation fails. Currently, uclogic_input_configured() does not check for this case, which results in a NULL
- CVE-2025-38005Jun 18, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma: Add missing locking Recent kernels complain about a missing lock in k3-udma.c when the lock validator is enabled: [ 4.128073] WARNING: CPU: 0 PID: 746 at drivers/dma/ti/../virt-dma.h
- CVE-2025-38004Jun 8, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add locking for bcm_op runtime updates The CAN broadcast manager (CAN BCM) can send a sequence of CAN frames via hrtimer. The content and also the length of the sequence can be changed resp reduced at
- CVE-2025-38003Jun 8, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the r
- CVE-2025-38001Jun 6, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed,
- CVE-2025-38000Jun 6, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and
- CVE-2025-37998May 29, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed a
- CVE-2025-37997May 29, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and
- CVE-2025-37995May 29, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path
- CVE-2025-37994May 29, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the p
- CVE-2025-37992May 26, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list.
- CVE-2025-37990May 20, 2025affected < 6.4.0-150600.23.53.1fixed 6.4.0-150600.23.53.1
In the Linux kernel, the following vulnerability has been resolved: wifi: brcm80211: fmac: Add error handling for brcmf_usb_dl_writeimage() The function brcmf_usb_dl_writeimage() calls the function brcmf_usb_dl_cmd() but dose not check its return value. The 'state.state' and th
- affected < 6.4.0-150600.23.53.1fixed 6.4.0-150600.23.53.1
In the Linux kernel, the following vulnerability has been resolved: block: fix resource leak in blk_register_queue() error path When registering a queue fails after blk_mq_sysfs_register() is successful but the function later encounters an error, we need to clean up the blk_mq_
- affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the f
- CVE-2025-37989May 20, 2025affected < 6.4.0-150600.23.53.1fixed 6.4.0-150600.23.53.1
In the Linux kernel, the following vulnerability has been resolved: net: phy: leds: fix memory leak A network restart test on a router led to an out-of-memory condition, which was traced to a memory leak in the PHY LED trigger code. The root cause is misuse of the devm API. Th
- CVE-2025-37987May 20, 2025affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the cl
- CVE-2025-37986May 20, 2025affected < 6.4.0-150600.23.53.1fixed 6.4.0-150600.23.53.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Invalidate USB device pointers on partner unregistration To avoid using invalid USB device pointers after a Type-C partner disconnects, this patch clears the pointers upon partner unregistrat
- CVE-2025-37985May 20, 2025affected < 6.4.0-150600.23.53.1fixed 6.4.0-150600.23.53.1
In the Linux kernel, the following vulnerability has been resolved: USB: wdm: close race between wdm_open and wdm_wwan_port_stop Clearing WDM_WWAN_IN_USE must be the last action or we can open a chardev whose URBs are still poisoned
- CVE-2025-37984May 20, 2025affected < 6.4.0-150600.23.65.1fixed 6.4.0-150600.23.65.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdsa - Harden against integer overflows in DIV_ROUND_UP() Herbert notes that DIV_ROUND_UP() may overflow unnecessarily if an ecdsa implementation's ->key_size() callback returns an unusually large valu
Page 68 of 209