rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP5
Vulnerabilities (2,318)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23089 | — | < 5.14.21-150500.55.141.1 | 5.14.21-150500.55.141.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card still reference the freed mem | ||
| CVE-2026-23060 | — | < 5.14.21-150500.55.141.1 | 5.14.21-150500.55.141.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() | ||
| CVE-2026-23004 | Hig | 7.8 | < 5.14.21-150500.55.141.1 | 5.14.21-150500.55.141.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in list_del_init()/INIT_LIST_HE | |
| CVE-2026-23001 | Hig | 7.8 | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace | |
| CVE-2026-22999 | Hig | 7.8 | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF. | |
| CVE-2025-71120 | — | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres | ||
| CVE-2025-71116 | — | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular | ||
| CVE-2025-71112 | — | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V | ||
| CVE-2025-71089 | Hig | 7.8 | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). | |
| CVE-2025-71066 | Hig | 7.5 | < 5.14.21-150500.55.141.1 | 5.14.21-150500.55.141.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch | |
| CVE-2025-68818 | — | < 5.14.21-150500.55.144.1 | 5.14.21-150500.55.144.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to __qla2x00_abort_all_cmds() | ||
| CVE-2025-68813 | — | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_ | ||
| CVE-2025-68771 | — | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is | ||
| CVE-2025-71085 | — | < 5.14.21-150500.55.136.1 | 5.14.21-150500.55.136.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t | ||
| CVE-2023-54326 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the device creates a small race window for IRQs to be received with the test device m | ||
| CVE-2023-54325 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4, | ||
| CVE-2023-54322 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_ | ||
| CVE-2023-54320 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() Function amd_pmc_stb_debugfs_open_v2() may be called when the STB debug mechanism enabled. When amd_pmc_send_cmd() fails, the 'buf' needs | ||
| CVE-2023-54319 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Pointer could be NULL in case allocation fails. Check pointer validity. Identified | ||
| CVE-2023-54317 | — | < 5.14.21-150500.55.133.1 | 5.14.21-150500.55.133.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-f |
- CVE-2026-23089Feb 4, 2026affected < 5.14.21-150500.55.141.1fixed 5.14.21-150500.55.141.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card still reference the freed mem
- CVE-2026-23060Feb 4, 2026affected < 5.14.21-150500.55.141.1fixed 5.14.21-150500.55.141.1
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt()
- affected < 5.14.21-150500.55.141.1fixed 5.14.21-150500.55.141.1
In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in list_del_init()/INIT_LIST_HE
- affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace
- affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.
- CVE-2025-71120Jan 14, 2026affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres
- CVE-2025-71116Jan 14, 2026affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If the osdmap is (maliciously) corrupted such that the encoded length of ceph_pg_pool envelope is less than what is expected for a particular
- CVE-2025-71112Jan 14, 2026affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V
- affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA).
- affected < 5.14.21-150500.55.141.1fixed 5.14.21-150500.55.141.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch
- CVE-2025-68818Jan 13, 2026affected < 5.14.21-150500.55.144.1fixed 5.14.21-150500.55.144.1
In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in abort path" This reverts commit 0367076b0817d5c75dfb83001ce7ce5c64d803a9. The commit being reverted added code to __qla2x00_abort_all_cmds()
- CVE-2025-68813Jan 13, 2026affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_
- CVE-2025-68771Jan 13, 2026affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix kernel BUG in ocfs2_find_victim_chain syzbot reported a kernel BUG in ocfs2_find_victim_chain() because the `cl_next_free_rec` field of the allocation chain list (next free slot in the chain list) is
- CVE-2025-71085Jan 13, 2026affected < 5.14.21-150500.55.136.1fixed 5.14.21-150500.55.136.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t
- CVE-2023-54326Dec 30, 2025affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In the Linux kernel, the following vulnerability has been resolved: misc: pci_endpoint_test: Free IRQs before removing the device In pci_endpoint_test_remove(), freeing the IRQs after removing the device creates a small race window for IRQs to be received with the test device m
- CVE-2023-54325Dec 30, 2025affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix out-of-bounds read When preparing an AER-CTR request, the driver copies the key provided by the user into a data structure that is accessible by the firmware. If the target device is QAT GEN4,
- CVE-2023-54322Dec 30, 2025affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In the Linux kernel, the following vulnerability has been resolved: arm64: set __exception_irq_entry with __irq_entry as a default filter_irq_stacks() is supposed to cut entries which are related irq entries from its call stack. And in_irqentry_text() which is called by filter_
- CVE-2023-54320Dec 30, 2025affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd: pmc: Fix memory leak in amd_pmc_stb_debugfs_open_v2() Function amd_pmc_stb_debugfs_open_v2() may be called when the STB debug mechanism enabled. When amd_pmc_send_cmd() fails, the 'buf' needs
- CVE-2023-54319Dec 30, 2025affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: at91-pio4: check return value of devm_kasprintf() devm_kasprintf() returns a pointer to dynamically allocated memory. Pointer could be NULL in case allocation fails. Check pointer validity. Identified
- CVE-2023-54317Dec 30, 2025affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1
In the Linux kernel, the following vulnerability has been resolved: dm flakey: don't corrupt the zero page When we need to zero some range on a block device, the function __blkdev_issue_zero_pages submits a write bio with the bio vector pointing to the zero page. If we use dm-f
Page 2 of 116