rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Module for Legacy 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP6
Vulnerabilities (3,752)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40154 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect | ||
| CVE-2025-40141 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free. | ||
| CVE-2025-40140 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit( | ||
| CVE-2025-40139 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_ge | ||
| CVE-2025-40129 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data | ||
| CVE-2025-40127 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer, | ||
| CVE-2025-40121 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unepxected results lik | ||
| CVE-2025-40120 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_dri | ||
| CVE-2025-40118 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when device is gone") UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scs | ||
| CVE-2025-40116 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error pointers or NULL. Check for bo | ||
| CVE-2025-40115 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At this point the SAS trans | ||
| CVE-2025-40164 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x | ||
| CVE-2025-40149 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get() | ||
| CVE-2025-40111 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be clea | ||
| CVE-2025-40110 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid ( | ||
| CVE-2025-40109 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always set since only drbg provides it. | ||
| CVE-2025-40107 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Nov 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can: | ||
| CVE-2025-40105 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh | ||
| CVE-2025-40100 | — | < 6.4.0-150600.23.78.1 | 6.4.0-150600.23.78.1 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block group tree feature, we always | ||
| CVE-2025-40098 | — | < 6.4.0-150600.23.81.3 | 6.4.0-150600.23.81.3 | Oct 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Return value of a function acpi_evaluate_dsm() is dereferenced without checking for NULL, but it is usually checked for this fu |
- CVE-2025-40154Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5640: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver only shows an error message but leaves as is. This may lead to unepxect
- CVE-2025-40141Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix possible UAF on iso_conn_free This attempt to fix similar issue to sco_conn_free where if the conn->sk is not set to NULL may lead to UAF on iso_conn_free.
- CVE-2025-40140Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: net: usb: Remove disruptive netif_wake_queue in rtl8150_set_multicast syzbot reported WARNING in rtl8150_start_xmit/usb_submit_urb. This is the sequence of events that leads to the warning: rtl8150_start_xmit(
- CVE-2025-40139Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: smc: Use __sk_dst_get() and dst_dev_rcu() in in smc_clc_prfx_set(). smc_clc_prfx_set() is called during connect() and not under RCU nor RTNL. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_ge
- CVE-2025-40129Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data
- CVE-2025-40127Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: hwrng: ks-sa - fix division by zero in ks_sa_rng_init Fix division by zero in ks_sa_rng_init caused by missing clock pointer initialization. The clk_get_rate() call is performed on an uninitialized clk pointer,
- CVE-2025-40121Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: bytcr_rt5651: Fix invalid quirk input mapping When an invalid value is passed via quirk option, currently bytcr_rt5640 driver just ignores and leaves as is, which may lead to unepxected results lik
- CVE-2025-40120Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix: hold PM usage ref to avoid PM/MDIO + RTNL deadlock Prevent USB runtime PM (autosuspend) for AX88772* in bind. usbnet enables runtime PM (autosuspend) by default, so disabling it via the usb_dri
- CVE-2025-40118Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Fix array-index-out-of-of-bounds on rmmod Since commit f7b705c238d1 ("scsi: pm80xx: Set phy_attached to zero when device is gone") UBSAN reports: UBSAN: array-index-out-of-bounds in drivers/scs
- CVE-2025-40116Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error pointers or NULL. Check for bo
- CVE-2025-40115Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix crash in transport port remove by using ioc_info() During mpt3sas_transport_port_remove(), messages were logged with dev_printk() against &mpt3sas_port->port->dev. At this point the SAS trans
- CVE-2025-40164Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix using smp_processor_id() in preemptible code warnings Syzbot reported the following warning: BUG: using smp_processor_id() in preemptible [00000000] code: dhcpcd/2879 caller is usbnet_skb_return+0x
- CVE-2025-40149Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: tls: Use __sk_dst_get() and dst_dev_rcu() in get_netdev_for_sock(). get_netdev_for_sock() is called during setsockopt(), so not under RCU. Using sk_dst_get(sk)->dev could trigger UAF. Let's use __sk_dst_get()
- CVE-2025-40111Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix Use-after-free in validation Nodes stored in the validation duplicates hashtable come from an arena allocator that is cleared at the end of vmw_execbuf_process. All nodes are expected to be clea
- CVE-2025-40110Nov 12, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix a null-ptr access in the cursor snooper Check that the resource which is converted to a surface exists before trying to use the cursor snooper on it. vmw_cmd_res_check allows explicit invalid (
- CVE-2025-40109Nov 9, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: crypto: rng - Ensure set_ent is always present Ensure that set_ent is always set since only drbg provides it.
- CVE-2025-40107Nov 3, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: fix null pointer dereference when resuming from sleep before interface was enabled This issue is similar to the vulnerability in the `mcp251x` driver, which was fixed in commit 03c427147b2d ("can:
- CVE-2025-40105Oct 30, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: vfs: Don't leak disconnected dentries on umount When user calls open_by_handle_at() on some inode that is not cached, we will create disconnected dentry for it. If such dentry is a directory, exportfs_decode_fh
- CVE-2025-40100Oct 30, 2025affected < 6.4.0-150600.23.78.1fixed 6.4.0-150600.23.78.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not assert we found block group item when creating free space tree Currently, when building a free space tree at populate_free_space_tree(), if we are not using the block group tree feature, we always
- CVE-2025-40098Oct 30, 2025affected < 6.4.0-150600.23.81.3fixed 6.4.0-150600.23.81.3
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: cs35l41: Fix NULL pointer dereference in cs35l41_get_acpi_mute_state() Return value of a function acpi_evaluate_dsm() is dereferenced without checking for NULL, but it is usually checked for this fu
Page 2 of 188