rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (2,262)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-68746 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: spi: tegra210-quad: Fix timeout handling When the CPU that the QSPI interrupt handler runs on (typically CPU 0) is excessively busy, it can lead to rare cases of the IRQ thread not running before the transfer t |
| CVE-2025-68744 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Free special fields when update [lru_,]percpu_hash maps As [lru_,]percpu_hash maps support BPF_KPTR_{REF,PERCPU}, missing calls to 'bpf_obj_free_fields()' in 'pcpu_copy_value()' could cause the memory refe |
| CVE-2025-68742 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix invalid prog->stats access when update_effective_progs fails Syzkaller triggers an invalid memory access issue following fault injection in update_effective_progs. The issue can be described as follows |
| CVE-2025-68740 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ima: Handle error code returned by ima_filter_rule_match() In ima_match_rules(), if ima_filter_rule_match() returns -ENOENT due to the rule being NULL, the function incorrectly skips the 'if (!rc)' check and se |
| CVE-2025-68736 | — | | | < 6.4.0-150700.53.34.1.150700.17.23.1 | 6.4.0-150700.53.34.1.150700.17.23.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: landlock: Fix handling of disconnected directories Disconnected files or directories can appear when they are visible and opened from a bind mount, but have been renamed or moved from the source of the bind mou |
| CVE-2025-68735 | — | | | < 6.4.0-150700.53.34.1.150700.17.23.1 | 6.4.0-150700.53.34.1.150700.17.23.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Prevent potential UAF in group creation This commit prevents the possibility of a use after free issue in the GROUP_CREATE ioctl function, which arose as pointer to the group is accessed in that io |
| CVE-2023-54156 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: sfc: fix crash when reading stats while NIC is resetting efx_net_stats() (.ndo_get_stats64) can be called during an ethtool selftest, during which time nic_data->mc_stats is NULL as the NIC has been fini'd. |
| CVE-2023-54155 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: core: remove unnecessary frame_sz check in bpf_xdp_adjust_tail() Syzkaller reported the following issue: ======================================= Too BIG xdp->frame_sz = 131072 WARNING: CPU: 0 PID: 5020 at |
| CVE-2023-54154 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix target_cmd_counter leak The target_cmd_counter struct allocated via target_alloc_cmd_counter() is never freed, resulting in leaks across various transport types, e.g.: unreferenced obj |
| CVE-2023-54153 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: turn quotas off if mount failed after enabling quotas Yi found during a review of the patch "ext4: don't BUG on inconsistent journal feature" that when ext4_mark_recovery_complete() returns an error value |
| CVE-2023-54149 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: avoid suspicious RCU usage for synced VLAN-aware MAC addresses When using the felix driver (the only one which supports UC filtering and MC filtering) as a DSA master for a random other DSA switch, on |
| CVE-2023-54148 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Move representor neigh cleanup to profile cleanup_tx For IP tunnel encapsulation in ECMP (Equal-Cost Multipath) mode, as the flow is duplicated to the peer eswitch, the related neighbour information |
| CVE-2023-54145 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: drop unnecessary user-triggerable WARN_ONCE in verifierl log It's trivial for user to trigger "verifier log line truncated" warning, as verifier has a fixed-sized buffer of 1024 bytes (as of now), and ther |
| CVE-2023-54143 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: fix resource leaks in vdec_msg_queue_init() If we encounter any error in the vdec_msg_queue_init() then we need to set "msg_queue->wdma_addr.size = 0;". Normally, this is done inside t |
| CVE-2023-54142 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: gtp: Fix use-after-free in __gtp_encap_destroy(). syzkaller reported use-after-free in __gtp_encap_destroy(). [0] It shows the same process freed sk and touched it illegally. Commit e198987e7dd7 ("gtp: fix su |
| CVE-2023-54141 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Add missing hw_ops->get_ring_selector() for IPQ5018 During sending data after clients connected, hw_ops->get_ring_selector() will be called. But for IPQ5018, this member isn't set, and the followi |
| CVE-2023-54140 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix WARNING in mark_buffer_dirty due to discarded buffer reuse A syzbot stress test using a corrupted disk image reported that mark_buffer_dirty() called from __nilfs_mark_inode_dirty() or nilfs_palloc_ |
| CVE-2023-54137 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: vfio/type1: fix cap_migration information leak Fix an information leak where an uninitialized hole in struct vfio_iommu_type1_info_cap_migration on the stack is exposed to userspace. The definition of struct v |
| CVE-2023-54136 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: serial: sprd: Fix DMA buffer leak issue Release DMA buffer when _probe() returns failure to avoid memory leak. |
| CVE-2023-54135 | — | | | < 6.4.0-150700.53.28.1.150700.17.19.1 | 6.4.0-150700.53.28.1.150700.17.19.1 | Dec 24, 2025 | In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix potential out-of-bounds access in mas_wr_end_piv() Check the write offset end bounds before using it as the offset into the pivot array. This avoids a possible out-of-bounds access on the pivot |