suse/kernel-default-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

Vulnerabilities (2,262)

• CVE-2025-21729Feb 27, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix race between cancel_hw_scan and hw_scan completion The rtwdev->scanning flag isn't protected by mutex originally, so cancel_hw_scan can pass the condition, but suddenly hw_scan completion unset

• CVE-2025-21720Feb 27, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: xfrm: delete intermediate secpath entry in packet offload mode Packets handled by hardware have added secpath as a way to inform XFRM core code that this path was already handled. That secpath is not needed at

• CVE-2025-21717Feb 27, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: add missing cpu_to_node to kvzalloc_node in mlx5e_open_xdpredirect_sq kvzalloc_node is not doing a runtime check on the node argument (__alloc_pages_node_noprof does have a VM_BUG_ON, but it expands

• CVE-2025-21713Feb 27, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/iommu: Don't unset window if it was never set On pSeries, when user attempts to use the same vfio container used by different iommu group, the spapr_tce_set_window() returns -EPERM and the subse

• CVE-2025-21710Feb 27, 2025
  affected < 6.4.0-150700.53.25.1.150700.17.17.1fixed 6.4.0-150700.53.25.1.150700.17.17.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: correct handling of extreme memory squeeze Testing with iperf3 using the "pasta" protocol splicer has revealed a problem in the way tcp handles window advertising in extreme memory squeeze situations. Und

• CVE-2025-21707Feb 27, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: mptcp: consolidate suboption status MPTCP maintains the received sub-options status is the bitmask carrying the received suboptions and in several bitfields carrying per suboption additional info. Zeroing the

• CVE-2025-21706Feb 27, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: only set fullmesh for subflow endp With the in-kernel path-manager, it is possible to change the 'fullmesh' flag. The code in mptcp_pm_nl_fullmesh() expects to change it only on 'subflow' endpoints,

• CVE-2024-57998Feb 27, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: OPP: add index check to assert to avoid buffer overflow in _read_freq() Pass the freq index to the assert function to make sure we do not read a freq out of the opp->rates[] table when called from the indexed v

• CVE-2024-57995Feb 27, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix read pointer after free in ath12k_mac_assign_vif_to_vdev() In ath12k_mac_assign_vif_to_vdev(), if arvif is created on a different radio, it gets deleted from that radio through a call to ath12

• CVE-2024-57988Feb 27, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name() devm_kstrdup() can return a NULL pointer on failure,but this returned value in btbcm_get_board_name() is not checked. Add NULL check in btbcm_get_board

• CVE-2024-57987Feb 27, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: check for NULL in btrtl_setup_realtek() If insert an USB dongle which chip is not maintained in ic_id_table, it will hit the NULL point accessed. Add a null point check to avoid the Kernel Oop

• CVE-2024-57982Feb 27, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: xfrm: state: fix out-of-bounds read during lookup lookup and resize can run in parallel. The xfrm_state_hash_generation seqlock ensures a retry, but the hash functions can observe a hmask value that is too lar

• CVE-2024-57974Feb 27, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connect(), there is a period during which a lookup opera

• CVE-2025-21702HigFeb 18, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one

• CVE-2025-21703Feb 18, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc befor

• CVE-2025-21701MedFeb 13, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic

• CVE-2025-21696Feb 12, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: mm: clear uffd-wp PTE/PMD state on mremap() When mremap()ing a memory region previously registered with userfaultfd as write-protected but without UFFD_FEATURE_EVENT_REMAP, an inconsistency in flag clearing lea

• CVE-2025-21683MedJan 31, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Fix bpf_sk_select_reuseport() memory leak As pointed out in the original comment, lookup in sockmap can return a TCP ESTABLISHED socket. Such TCP socket may have had SO_ATTACH_REUSEPORT_EBPF set before it

• CVE-2024-57947Jan 23, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea

• CVE-2025-21659Jan 21, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the