rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Workstation Extension 15 SP7
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP7
Vulnerabilities (2,262)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68184 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modif | ||
| CVE-2025-68183 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se | ||
| CVE-2025-68181 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drm_put_dev() Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() drm_put_dev()'ing to trigger it to be free'd should be done by devres. However, | ||
| CVE-2025-68180 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref in debugfs odm_combine_segments When a connector is connected but inactive (e.g., disabled by desktop environments), pipe_ctx->stream_res.tg will be destroyed. Then, reading odm_ | ||
| CVE-2025-68178 | — | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency detected 6.17.0-rc3-00124-ga12c2658ced0 #1665 Not | ||
| CVE-2025-68176 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doe | ||
| CVE-2025-68174 | — | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfd_processes_table is empty. kfd_prcesses_table entry is deleted in kfd_process_notifier_release, but kfd_proces | ||
| CVE-2025-68172 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unp | ||
| CVE-2025-68171 | — | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure XFD state on signal delivery Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: fpu__cle | ||
| CVE-2025-68170 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not kfree() devres managed rdev Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() rdev is managed by devres and we shouldn't be calling kfree() on it. This f | ||
| CVE-2025-68168 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on r | ||
| CVE-2025-40363 | — | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6_output() and ah6_output_done() where extension headers are copied to/from IPv6 address fields, triggering fort | ||
| CVE-2025-40360 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset The plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plan | ||
| CVE-2025-40359 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix KASAN global-out-of-bounds warning When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. =================================================== | ||
| CVE-2025-40357 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix general protection fault in __smc_diag_dump The syzbot report a crash: Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000003: 0000 [#1] SMP KASAN NOPTI KASAN: m | ||
| CVE-2025-40355 | — | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can hit WA | ||
| CVE-2025-40354 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 1 | ||
| CVE-2025-40351 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T93 | ||
| CVE-2025-40350 | — | < 6.4.0-150700.53.31.1 | 6.4.0-150700.53.31.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ XDP programs can change the layout of an xdp_buff through bpf_xdp_adjust_tail() and bpf_xdp_adjust_head(). Therefore, the driver cannot | ||
| CVE-2025-40349 | — | < 6.4.0-150700.53.28.1 | 6.4.0-150700.53.28.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplus_bmap_alloc hfsplus_bmap_alloc can trigger a crash if a record offset or length is larger than node_size [ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_allo |
- CVE-2025-68184Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Disable AFBC support on Mediatek DRM driver Commit c410fa9b07c3 ("drm/mediatek: Add AFBC support to Mediatek DRM driver") added AFBC support to Mediatek DRM and enabled the 32x8/split/sparse modif
- CVE-2025-68183Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: ima: don't clear IMA_DIGSIG flag when setting or removing non-IMA xattr Currently when both IMA and EVM are in fix mode, the IMA signature will be reset to IMA hash if a program first stores IMA signature in se
- CVE-2025-68181Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Remove calls to drm_put_dev() Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() drm_put_dev()'ing to trigger it to be free'd should be done by devres. However,
- CVE-2025-68180Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix NULL deref in debugfs odm_combine_segments When a connector is connected but inactive (e.g., disabled by desktop environments), pipe_ctx->stream_res.tg will be destroyed. Then, reading odm_
- CVE-2025-68178Dec 16, 2025affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: fix possible deadlock while configuring policy Following deadlock can be triggered easily by lockdep: WARNING: possible circular locking dependency detected 6.17.0-rc3-00124-ga12c2658ced0 #1665 Not
- CVE-2025-68176Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: PCI: cadence: Check for the existence of cdns_pcie::ops before using it cdns_pcie::ops might not be populated by all the Cadence glue drivers. This is going to be true for the upcoming Sophgo platform which doe
- CVE-2025-68174Dec 16, 2025affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1
In the Linux kernel, the following vulnerability has been resolved: amd/amdkfd: enhance kfd process check in switch partition current switch partition only check if kfd_processes_table is empty. kfd_prcesses_table entry is deleted in kfd_process_notifier_release, but kfd_proces
- CVE-2025-68172Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: crypto: aspeed - fix double free caused by devm The clock obtained via devm_clk_get_enabled() is automatically managed by devres and will be disabled and freed on driver detach. Manually calling clk_disable_unp
- CVE-2025-68171Dec 16, 2025affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Ensure XFD state on signal delivery Sean reported [1] the following splat when running KVM tests: WARNING: CPU: 232 PID: 15391 at xfd_validate_state+0x65/0x70 Call Trace: fpu__cle
- CVE-2025-68170Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: Do not kfree() devres managed rdev Since the allocation of the drivers main structure was changed to devm_drm_dev_alloc() rdev is managed by devres and we shouldn't be calling kfree() on it. This f
- CVE-2025-68168Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fix uninitialized waitqueue in transaction manager The transaction manager initialization in txInit() was not properly initializing TxBlock[0].waitor waitqueue, causing a crash when txEnd(0) is called on r
- CVE-2025-40363Dec 16, 2025affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: fix field-spanning memcpy warning in AH output Fix field-spanning memcpy warnings in ah6_output() and ah6_output_done() where extension headers are copied to/from IPv6 address fields, triggering fort
- CVE-2025-40360Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: drm/sysfb: Do not dereference NULL pointer in plane reset The plane state in __drm_gem_reset_shadow_plane() can be NULL. Do not deref that pointer, but forward NULL to the other plane-reset helpers. Clears plan
- CVE-2025-40359Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: Fix KASAN global-out-of-bounds warning When running "perf mem record" command on CWF, the below KASAN global-out-of-bounds warning is seen. ===================================================
- CVE-2025-40357Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix general protection fault in __smc_diag_dump The syzbot report a crash: Oops: general protection fault, probably for non-canonical address 0xfbd5a5d5a0000003: 0000 [#1] SMP KASAN NOPTI KASAN: m
- CVE-2025-40355Dec 16, 2025affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1
In the Linux kernel, the following vulnerability has been resolved: sysfs: check visibility before changing group attribute ownership Since commit 0c17270f9b92 ("net: sysfs: Implement is_visible for phys_(port_id, port_name, switch_id)"), __dev_change_net_namespace() can hit WA
- CVE-2025-40354Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: increase max link count and fix link->enc NULL pointer access [why] 1.) dc->links[MAX_LINKS] array size smaller than actual requested. max_connector + max_dpia + 4 virtual = 14. increase from 1
- CVE-2025-40351Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in hfsplus_delete_cat() The syzbot reported issue in hfsplus_delete_cat(): [ 70.682285][ T9333] ===================================================== [ 70.682943][ T93
- CVE-2025-40350Dec 16, 2025affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: RX, Fix generating skb from non-linear xdp_buff for striding RQ XDP programs can change the layout of an xdp_buff through bpf_xdp_adjust_tail() and bpf_xdp_adjust_head(). Therefore, the driver cannot
- CVE-2025-40349Dec 16, 2025affected < 6.4.0-150700.53.28.1fixed 6.4.0-150700.53.28.1
In the Linux kernel, the following vulnerability has been resolved: hfs: validate record offset in hfsplus_bmap_alloc hfsplus_bmap_alloc can trigger a crash if a record offset or length is larger than node_size [ 15.264282] BUG: KASAN: slab-out-of-bounds in hfsplus_bmap_allo
Page 26 of 114