rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (4,709)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22045 | Med | 5.5 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE | |
| CVE-2025-22020 | Hig | 7.8 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt | |
| CVE-2025-22004 | Hig | 7.8 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. | |
| CVE-2025-21999 | Hig | 7.8 | < 5.14.21-150500.55.110.1 | 5.14.21-150500.55.110.1 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc | |
| CVE-2025-21971 | Med | 5.5 | < 5.14.21-150500.55.121.2 | 5.14.21-150500.55.121.2 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe | |
| CVE-2023-53033 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda | |
| CVE-2023-53031 | Med | 5.5 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to | |
| CVE-2023-53030 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function ca | |
| CVE-2023-53029 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_f | |
| CVE-2023-53028 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_dest | |
| CVE-2023-53026 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the | |
| CVE-2023-53024 | Hig | 7.1 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence ins | |
| CVE-2023-53023 | Hig | 7.8 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device. | |
| CVE-2023-53019 | Hig | 7.8 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass | |
| CVE-2023-53018 | Med | 5.5 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() or hci_le_big_terminate(), the memory pointed by variable d is not freed, which will cause memory leak. Add relea | |
| CVE-2023-53016 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_ | |
| CVE-2023-53015 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertisi | |
| CVE-2023-53014 | Med | 5.5 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra: Fix memory leak in terminate_all() Terminate vdesc when terminating an ongoing transfer. This will ensure that the vdesc is present in the desc_terminated list The descriptor will be freed lat | |
| CVE-2023-53010 | Med | 5.5 | < 5.14.21-150500.55.100.1 | 5.14.21-150500.55.100.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow | |
| CVE-2023-53009 | Med | 5.5 | < 5.14.21-150500.55.103.1 | 5.14.21-150500.55.103.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the in |
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
- affected < 5.14.21-150500.55.110.1fixed 5.14.21-150500.55.110.1
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
- affected < 5.14.21-150500.55.121.2fixed 5.14.21-150500.55.121.2
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Fix use of mutex in IRQs disabled section Current imc-pmu code triggers a WARNING with CONFIG_DEBUG_ATOMIC_SLEEP and CONFIG_PROVE_LOCKING enabled, while running a thread_imc event. Command to
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function ca
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_f
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_dest
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence ins
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device.
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: Fix memory leaks When hci_cmd_sync_queue() failed in hci_le_terminate_big() or hci_le_big_terminate(), the memory pointed by variable d is not freed, which will cause memory leak. Add relea
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertisi
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra: Fix memory leak in terminate_all() Terminate vdesc when terminating an ongoing transfer. This will ensure that the vdesc is present in the desc_terminated list The descriptor will be freed lat
- affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1
In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow
- affected < 5.14.21-150500.55.103.1fixed 5.14.21-150500.55.103.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Add sync after creating vram bo There will be data corruption on vram allocated by svm if the initialization is not complete and application is writting on the memory. Adding sync to wait for the in
Page 73 of 236