rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Module for Legacy 15 SP7
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Legacy%2015%20SP7
Vulnerabilities (2,262)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38574 | — | < 6.4.0-150700.53.19.1 | 6.4.0-150700.53.19.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we m | ||
| CVE-2025-38572 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang | ||
| CVE-2025-38571 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this | ||
| CVE-2025-38568 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This | ||
| CVE-2025-38566 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen | ||
| CVE-2025-38565 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere | ||
| CVE-2025-38563 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first | ||
| CVE-2025-38560 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m | ||
| CVE-2025-38556 | — | < 6.4.0-150700.53.19.1 | 6.4.0-150700.53.19.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity. | ||
| CVE-2025-38555 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to | ||
| CVE-2025-38553 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lo | ||
| CVE-2023-3867 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while pr | ||
| CVE-2023-4130 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffse | ||
| CVE-2023-4515 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not checked, it's not expecte | ||
| CVE-2025-38552 | Hig | 7.8 | < 6.4.0-150700.53.22.1 | 6.4.0-150700.53.22.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trig | |
| CVE-2025-38531 | Med | 5.5 | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() w | |
| CVE-2025-38550 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return. | ||
| CVE-2025-38548 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd(). | ||
| CVE-2025-38546 | — | < 6.4.0-150700.53.16.1 | 6.4.0-150700.53.16.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock | ||
| CVE-2025-38544 | — | < 6.4.0-150700.53.19.1 | 6.4.0-150700.53.19.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg() and |
- CVE-2025-38574Aug 19, 2025affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1
In the Linux kernel, the following vulnerability has been resolved: pptp: ensure minimal skb length in pptp_xmit() Commit aabc6596ffb3 ("net: ppp: Add bound checking for skb data on ppp_sync_txmung") fixed ppp_sync_txmunge() We need a similar fix in pptp_xmit(), otherwise we m
- CVE-2025-38572Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang
- CVE-2025-38571Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this
- CVE-2025-38568Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This
- CVE-2025-38566Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen
- CVE-2025-38565Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere
- CVE-2025-38563Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first
- CVE-2025-38560Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m
- CVE-2025-38556Aug 19, 2025affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: Harden s32ton() against conversion to 0 bits Testing by the syzbot fuzzer showed that the HID core gets a shift-out-of-bounds exception when it tries to convert a 32-bit quantity to a 0-bit quantity.
- CVE-2025-38555Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to
- CVE-2025-38553Aug 19, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lo
- CVE-2023-3867Aug 16, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while pr
- CVE-2023-4130Aug 16, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffse
- CVE-2023-4515Aug 16, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not checked, it's not expecte
- affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: plug races between subflow fail and subflow creation We have races similar to the one addressed by the previous patch between subflow failing and additional subflow creation. They are just harder to trig
- affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() w
- CVE-2025-38550Aug 16, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return.
- CVE-2025-38548Aug 16, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().
- CVE-2025-38546Aug 16, 2025affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock
- CVE-2025-38544Aug 16, 2025affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix bug due to prealloc collision When userspace is using AF_RXRPC to provide a server, it has to preallocate incoming calls and assign to them call IDs that will be used to thread related recvmsg() and
Page 67 of 114