rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Vulnerabilities (1,483)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-49767	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	May 1, 2025	In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel
CVE-2020-36790	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	May 1, 2025	In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number
CVE-2025-37789	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	May 1, 2025	In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
CVE-2025-37752	—	< 5.3.18-150300.59.211.1	5.3.18-150300.59.211.1	May 1, 2025	In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the c
CVE-2025-40364	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	Apr 18, 2025	In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed.
CVE-2021-47670	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 17, 2025	In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().
CVE-2021-47669	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 17, 2025	In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni().
CVE-2021-47668	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 17, 2025	In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: sta
CVE-2020-36789	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 17, 2025	In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but not always, the case), the 'WARN_ON(in_irq)' in net/
CVE-2025-22121	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz
CVE-2025-22055	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink
CVE-2025-22045	—	< 5.3.18-150300.59.218.1	5.3.18-150300.59.218.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE
CVE-2025-22028	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs.
CVE-2025-22020	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt
CVE-2025-22004	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Apr 3, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
CVE-2025-21999	—	< 5.3.18-150300.59.207.1	5.3.18-150300.59.207.1	Apr 3, 2025	In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
CVE-2025-21971	—	< 5.3.18-150300.59.218.1	5.3.18-150300.59.218.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe
CVE-2025-21969	—	< 5.3.18-150300.59.221.1	5.3.18-150300.59.221.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper laye
CVE-2023-53033	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Mar 27, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda
CVE-2023-53026	—	< 5.3.18-150300.59.204.1	5.3.18-150300.59.204.1	Mar 27, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the

CVE-2022-49767May 1, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel
CVE-2020-36790May 1, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number
CVE-2025-37789May 1, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
CVE-2025-37752May 1, 2025
affected < 5.3.18-150300.59.211.1fixed 5.3.18-150300.59.211.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the limit validation It is not sufficient to directly validate the limit on the data that the user passes as it can be updated based on how the other parameters are changed. Move the c
CVE-2025-40364Apr 18, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed.
CVE-2021-47670Apr 17, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().
CVE-2021-47669Apr 17, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni().
CVE-2021-47668Apr 17, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: sta
CVE-2020-36789Apr 17, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but not always, the case), the 'WARN_ON(in_irq)' in net/
CVE-2025-22121Apr 16, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz
CVE-2025-22055Apr 16, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink
CVE-2025-22045Apr 16, 2025
affected < 5.3.18-150300.59.218.1fixed 5.3.18-150300.59.218.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE
CVE-2025-22028Apr 16, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs.
CVE-2025-22020Apr 16, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt
CVE-2025-22004Apr 3, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
CVE-2025-21999Apr 3, 2025
affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
CVE-2025-21971Apr 1, 2025
affected < 5.3.18-150300.59.218.1fixed 5.3.18-150300.59.218.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe
CVE-2025-21969Apr 1, 2025
affected < 5.3.18-150300.59.221.1fixed 5.3.18-150300.59.221.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix slab-use-after-free Read in l2cap_send_cmd After the hci sync command releases l2cap_conn, the hci receive data work queue references the released l2cap_conn when sending to the upper laye
CVE-2023-53033Mar 27, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda
CVE-2023-53026Mar 27, 2025
affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the

Page 16 of 75