rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,696)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23398 | Med | 5.5 | | < 5.3.18-150300.59.241.1.150300.18.144.1 | 5.3.18-150300.59.241.1.150300.18.144.1 | Mar 26, 2026 | In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_dereference(inet_protos[proto]) without checking for NULL. The inet_protos[] arra |
| CVE-2026-23293 | — | | | < 5.3.18-150300.59.241.1.150300.18.144.1 | 5.3.18-150300.59.241.1.150300.18.144.1 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which ini |
| CVE-2026-23274 | Hig | 7.8 | | < 5.3.18-150300.59.241.1.150300.18.144.1 | 5.3.18-150300.59.241.1.150300.18.144.1 | Mar 20, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revisio |
| CVE-2026-23272 | Hig | 7.8 | | < 5.3.18-150300.59.241.1.150300.18.144.1 | 5.3.18-150300.59.241.1.150300.18.144.1 | Mar 20, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be |
| CVE-2026-23243 | Hig | 7.8 | | < 5.3.18-150300.59.241.1.150300.18.144.1 | 5.3.18-150300.59.241.1.150300.18.144.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len |
| CVE-2026-23204 | Hig | 7.1 | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful() skb_header_pointer() does not fully validate negative @offset values. Use skb_header_pointer_careful() instead. GangMin Kim provided a report and a repro f |
| CVE-2026-23191 | Hig | 7.8 | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of aloop driver tries to check the PCM state and stop the stream of the tied substream in the corresponding cable. Since both check and stop |
| CVE-2026-23103 | Hig | 7.8 | | < 5.3.18-150300.59.241.1.150300.18.144.1 | 5.3.18-150300.59.241.1.150300.18.144.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so |
| CVE-2026-23074 | Hig | 7.8 | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will desc |
| CVE-2026-23089 | — | | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When snd_usb_create_mixer() fails, snd_usb_mixer_free() frees mixer->id_elems but the controls already added to the card still reference the freed mem |
| CVE-2026-23060 | — | | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() |
| CVE-2026-23004 | Hig | 7.8 | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list() syzbot was able to crash the kernel in rt6_uncached_list_flush_dev() in an interesting way [1] Crash happens in list_del_init()/INIT_LIST_HE |
| CVE-2026-23001 | Hig | 7.8 | | < 5.3.18-150300.59.235.1.150300.18.140.1 | 5.3.18-150300.59.235.1.150300.18.140.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace |
| CVE-2026-22999 | Hig | 7.8 | | < 5.3.18-150300.59.235.1.150300.18.140.1 | 5.3.18-150300.59.235.1.150300.18.140.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF. |
| CVE-2025-71120 | — | | | < 5.3.18-150300.59.232.1.150300.18.138.1 | 5.3.18-150300.59.232.1.150300.18.138.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres |
| CVE-2025-71112 | — | | | < 5.3.18-150300.59.235.1.150300.18.140.1 | 5.3.18-150300.59.235.1.150300.18.140.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: add VLAN id validation before using Currently, the VLAN id may be used without validation when receive a VLAN configuration mailbox from VF. The length of vlan_del_fail_bmap is BITS_TO_LONGS(VLAN_N_V |
| CVE-2025-71089 | Hig | 7.8 | | < 5.3.18-150300.59.235.1.150300.18.140.1 | 5.3.18-150300.59.235.1.150300.18.140.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). |
| CVE-2025-71066 | — | | | < 5.3.18-150300.59.238.1.150300.18.142.1 | 5.3.18-150300.59.238.1.150300.18.142.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch |
| CVE-2025-68813 | — | | | < 5.3.18-150300.59.232.1.150300.18.138.1 | 5.3.18-150300.59.232.1.150300.18.138.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_ |
| CVE-2025-71085 | — | | | < 5.3.18-150300.59.235.1.150300.18.140.1 | 5.3.18-150300.59.235.1.150300.18.140.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t |