rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (2,262)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-71108 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: Handle incorrect num_connectors capability The UCSI spec states that the num_connectors field is 7 bits, and the 8th bit is reserved and should be set to zero. Some buggy FW has been known to |
| CVE-2025-71104 | — | | | < 6.4.0-150700.53.34.1.150700.17.23.1 | 6.4.0-150700.53.34.1.150700.17.23.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic HV timer When advancing the target expiration for the guest's APIC timer in periodic mode, set the expiration to "now" if the target expirat |
| CVE-2025-71089 | High | 7.8 | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iommu: disable SVA when CONFIG_X86 is set Patch series "Fix stale IOTLB entries for kernel address space", v7. This proposes a fix for a security vulnerability related to IOMMU Shared Virtual Addressing (SVA). |
| CVE-2025-71066 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Always remove class from active list before deleting in ets_qdisc_change zdi-disclosures@trendmicro.com says: The vulnerability is a race condition between `ets_qdisc_dequeue` and `ets_qdisc_ch |
| CVE-2025-71064 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set |
| CVE-2025-68820 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checki |
| CVE-2025-68819 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger |
| CVE-2025-68816 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings |
| CVE-2025-68815 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether |
| CVE-2025-68814 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix filename leak in __io_openat_prep() __io_openat_prep() allocates a struct filename using getname(). However, for the condition of the file being installed in the fixed file table as well as havin |
| CVE-2025-68813 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_ |
| CVE-2025-68810 | — | | | < 6.4.0-150700.53.34.1.150700.17.23.1 | 6.4.0-150700.53.34.1.150700.17.23.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggli |
| CVE-2025-68808 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/ |
| CVE-2025-68804 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn |
| CVE-2025-68803 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL (based on the mo |
| CVE-2025-68802 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessiv |
| CVE-2025-68801 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour [1]. The problem seems to be that the driver stores a pointer to the neighbour, but withou |
| CVE-2025-68800 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver |
| CVE-2025-68798 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all( |
| CVE-2025-68797 | — | | | < 6.4.0-150700.53.31.1.150700.17.21.1 | 6.4.0-150700.53.31.1.150700.17.21.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are ski |
Page 10 of 114