rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Workstation Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
Vulnerabilities (3,752)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-21772 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeede | |
| CVE-2025-21768 | Med | 5.5 | < 6.4.0-150600.23.50.1 | 6.4.0-150600.23.50.1 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwt | |
| CVE-2025-21767 | Med | 5.5 | < 6.4.0-150600.23.42.2 | 6.4.0-150600.23.42.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel | |
| CVE-2025-21766 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear. | |
| CVE-2025-21765 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear. | |
| CVE-2025-21764 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF. | |
| CVE-2025-21763 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. | |
| CVE-2025-21762 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF. | |
| CVE-2025-21761 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF. | |
| CVE-2025-21760 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF. | |
| CVE-2025-21759 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note | |
| CVE-2025-21758 | Med | 5.5 | < 6.4.0-150600.23.50.1 | 6.4.0-150600.23.50.1 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocation | |
| CVE-2025-21756 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket un | |
| CVE-2025-21754 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERE | |
| CVE-2025-21753 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock a | |
| CVE-2025-21750 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitiali | |
| CVE-2025-21749 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind() syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads. rose_bind() must lock the socket to avoid this issue. | |
| CVE-2025-21745 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exi | |
| CVE-2025-21744 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the int | |
| CVE-2025-21743 | Hig | 7.1 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Feb 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move th |
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeede
- affected < 6.4.0-150600.23.50.1fixed 6.4.0-150600.23.50.1
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels Some lwtunnels have a dst cache for post-transformation dst. If the packet destination did not change we may end up recording a reference to the lwt
- affected < 6.4.0-150600.23.42.2fixed 6.4.0-150600.23.42.2
In the Linux kernel, the following vulnerability has been resolved: clocksource: Use migrate_disable() to avoid calling get_random_u32() in atomic context The following bug report happened with a PREEMPT_RT kernel: BUG: sleeping function called from invalid context at kernel
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: neighbour: use RCU protection in __neigh_notify() __neigh_notify() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: arp: use RCU protection in arp_xmit() arp_xmit() can be called without RTNL or RCU protection. Use RCU protection to avoid potential UAF.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: openvswitch: use RCU protection in ovs_vport_cmd_fill_info() ovs_vport_cmd_fill_info() can be called without RTNL or RCU. Use RCU protection and dev_net_rcu() to avoid potential UAF.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: extend RCU protection in igmp6_send() igmp6_send() can be called without RTNL or RCU being held. Extend RCU protection so that we can safely fetch the net pointer and avoid a potential UAF. Note
- affected < 6.4.0-150600.23.50.1fixed 6.4.0-150600.23.50.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: add RCU protection to mld_newpack() mld_newpack() can be called without RTNL or RCU being held. Note that we no longer can use sock_alloc_send_skb() because ipv6.igmp_sk uses GFP_KERNEL allocation
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket un
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix assertion failure when splitting ordered extent after transaction abort If while we are doing a direct IO write a transaction abort happens, we mark all existing ordered extents with the BTRFS_ORDERE
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock a
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the return value of of_property_read_string_index() Somewhen between 6.10 and 6.11 the driver started to crash on my MacBookPro14,3. The property doesn't exist and 'tmp' remains uninitiali
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: net: rose: lock the socket in rose_bind() syzbot reported a soft lockup in rose_loopback_timer(), with a repro calling bind() from multiple threads. rose_bind() must lock the socket to avoid this issue.
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix class @block_class's subsystem refcount leakage blkcg_fill_root_iostats() iterates over @block_class's devices by class_dev_iter_(init|next)(), but does not end iterating with class_dev_iter_exi
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix NULL pointer dereference in brcmf_txfinalize() On removal of the device or unloading of the kernel module a potential NULL pointer dereference occurs. The following sequence deletes the int
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: usbnet: ipheth: fix possible overflow in DPE length check Originally, it was possible for the DPE length check to overflow if wDatagramIndex + wDatagramLength > U16_MAX. This could lead to an OoB read. Move th
Page 70 of 188