suse/kernel-default&distro=SUSE Manager Proxy 4.3

Vulnerabilities (1,907)

• CVE-2025-21888Mar 27, 2025
  affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. In the __mlx5_ib_dereg_mr() -> mlx5_free_priv_descs() flow, the code incorrectly

• CVE-2025-21886Mar 27, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP hang on parent deregistration Fix the destroy_unused_implicit_child_mr() to prevent hanging during parent deregistration as of below [1]. Upon entering destroy_unused_implicit_child

• CVE-2025-21839Mar 7, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load

• CVE-2024-58083Mar 6, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will

• CVE-2022-49733Mar 2, 2025
  affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

  In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, the

• CVE-2025-21812Feb 27, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible cir

• CVE-2025-21772HigFeb 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeede

• CVE-2025-21756HigFeb 27, 2025
  affected < 5.14.21-150400.24.170.2fixed 5.14.21-150400.24.170.2

  In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket un

• CVE-2025-21753HigFeb 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock a

• CVE-2024-58014HigFeb 27, 2025
  affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access.

• CVE-2025-21791Feb 27, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: vrf: use RCU protection in l3mdev_l3_out() l3mdev_l3_out() can be called without RCU being held: raw_sendmsg() ip_push_pending_frames() ip_send_skb() ip_local_out() __ip_local_out() l3mdev_ip_ou

• CVE-2025-21785Feb 27, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array The loop that detects/populates cache information already has a bounds check on the array size but does not account for cache levels with separate

• CVE-2025-21780Feb 27, 2025
  affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() It malicious user provides a small pptable through sysfs and then a bigger pptable, it may cause buffer overflow attack in function smu_sys_set

• CVE-2025-21726HigFeb 27, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: padata: avoid UAF for reorder_work Although the previous patch can avoid ps and ps UAF for _do_serial, it can not avoid potential UAF issue for reorder_work. This issue can happen just as below: crypto_request

• CVE-2024-57996MedFeb 27, 2025
  affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

  In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixe

• CVE-2025-21732Feb 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a race for an ODP MR which leads to CQE with error This patch addresses a race condition for an ODP MR that can result in a CQE with an error on the UMR QP. During the __mlx5_ib_dereg_mr() flow,

• CVE-2025-21718Feb 27, 2025
  affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

  In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN

• CVE-2025-21714Feb 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP use after free Prevent double queueing of implicit ODP mr destroy work by using __xa_cmpxchg() to make sure this is the only time we are destroying this specific mr. Without this ch

• CVE-2024-57999Feb 27, 2025
  affected < 5.14.21-150400.24.170.2fixed 5.14.21-150400.24.170.2

  In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: IOMMU incorrectly marks MMIO range in DDW Power Hypervisor can possibily allocate MMIO window intersecting with Dynamic DMA Window (DDW) range, which is over 32-bit addressing. These MMI

• CVE-2022-49731Feb 26, 2025
  affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

  In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: fix NULL pointer deref in ata_host_alloc_pinfo() In an unlikely (and probably wrong?) case that the 'ppi' parameter of ata_host_alloc_pinfo() points to an array starting with a NULL pointer, t