rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Workstation Extension 15 SP7
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
Vulnerabilities (2,262)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68230 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gpu page fault after hibernation on PF passthrough On PF passthrough environment, after hibernate and then resume, coralgemm will cause gpu page fault. Mode1 reset happens during hibernate, but |
| CVE-2025-68227 | — | | | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: Fix proto fallback detection with BPF The sockmap feature allows bpf syscall from userspace, or based on bpf sockops, replacing the sk_prot of sockets during protocol stack processing with sockmap's cust |
| CVE-2025-68222 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: s32cc: fix uninitialized memory in s32_pinctrl_desc s32_pinctrl_desc is allocated with devm_kmalloc(), but not all of its fields are initialized. Notably, num_custom_params is used in pinconf_generic_p |
| CVE-2025-68218 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: fix lockdep WARN due to partition scan work Blktests test cases nvme/014, 057 and 058 fail occasionally due to a lockdep WARN. As reported in the Closes tag URL, the WARN indicates that a deadlo |
| CVE-2025-68217 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: pegasus-notetaker - fix potential out-of-bounds access In the pegasus_notetaker driver, the pegasus_probe() function allocates the URB transfer buffer using the wMaxPacketSize value from the endpoint des |
| CVE-2025-68215 | — | | | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: fix PTP cleanup on driver removal in error path Improve the cleanup on releasing PTP resources in error path. The error case might happen either at the driver probe and PTP feature initialization or on PTP |
| CVE-2025-68209 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: mlx5: Fix default values in create CQ Currently, CQs without a completion function are assigned the mlx5_add_cq_to_tasklet function by default. This is problematic since only user CQs created through the mlx5_i |
| CVE-2025-68208 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: account for current allocated stack depth in widen_imprecise_scalars() The usage pattern for widen_imprecise_scalars() looks as follows: prev_st = find_prev_entry(env, ...); queued_st = push_stack |
| CVE-2025-68207 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc: Synchronize Dead CT worker with unbind Cancel and wait for any Dead CT worker to complete before continuing with device unbinding. Else the worker will end up using resources freed by the unbind ope |
| CVE-2025-68206 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: add seqadj extension for natted connections Sequence adjustment may be required for FTP traffic with PASV/EPSV modes. due to need to re-write packet payload (IP, port) on the ftp control conn |
| CVE-2025-68204 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: arm: scmi: Fix genpd leak on provider registration failure If of_genpd_add_provider_onecell() fails during probe, the previously created generic power domains are not removed, leading to a memory leak |
| CVE-2025-68201 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s Those can be triggered trivially by userspace. |
| CVE-2025-68200 | — | | | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Add bpf_prog_run_data_pointers() syzbot found that cls_bpf_classify() is able to change tc_skb_cb(skb)->drop_reason triggering a warning in sk_skb_reason_drop(). WARNING: CPU: 0 PID: 5965 at net/core/skbu |
| CVE-2025-68197 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix null pointer dereference in bnxt_bs_trace_check_wrap() With older FW, we may get the ASYNC_EVENT_CMPL_EVENT_ID_DBG_BUF_PRODUCER for FW trace data type that has not been initialized. This will resu |
| CVE-2025-68195 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/CPU/AMD: Add missing terminator for zen5_rdseed_microcode Running x86_match_min_microcode_rev() on a Zen5 CPU trips up KASAN for an out of bounds access. |
| CVE-2025-68194 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: imon: make send_packet() more robust syzbot is reporting that imon has three problems which result in hung tasks due to forever holding device lock [1]. First problem is that when usb_rx_callback_intf0( |
| CVE-2025-68192 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: initialize MAC header offset in qmimux_rx_fixup Raw IP packets have no MAC header, leaving skb->mac_header uninitialized. This can trigger kernel panics on ARM64 when xfrm or other subsystem |
| CVE-2025-68190 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/atom: Check kcalloc() for WS buffer in amdgpu_atom_execute_table_locked() kcalloc() may fail. When WS is non-zero and allocation fails, ectx.ws remains NULL while ectx.ws_size is set, leading to a po |
| CVE-2025-68188 | — | | | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: use dst_dev_rcu() in tcp_fastopen_active_disable_ofo_check() Use RCU to avoid a pair of atomic operations and a potential UAF on dst_dev()->flags. |
| CVE-2025-68185 | — | | | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfs4_setup_readdir(): insufficient locking for ->d_parent->d_inode dereferencing Theoretically it's an oopsable race, but I don't believe one can manage to hit it on real hardware; might become doable on a KVM, |