suse/kernel-default-base&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

Vulnerabilities (2,262)

• CVE-2025-38152Apr 18, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: remoteproc: core: Clear table_sz when rproc_shutdown There is case as below could trigger kernel dump: Use U-Boot to start remote processor(rproc) with resource table published to a fixed address by rproc. Afte

• CVE-2025-38104Apr 18, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environm

• CVE-2025-37925Apr 18, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsComm

• CVE-2025-37860Apr 18, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: sfc: fix NULL dereferences in ef100_process_design_param() Since cited commit, ef100_probe_main() and hence also ef100_check_design_params() run before efx->net_dev is created; consequently, we cannot netif_s

• CVE-2025-37785Apr 18, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: fix OOB read when checking dotdot dir Mounting a corrupted filesystem with directory which contains '.' dir entry with rec_len == block size results in out-of-bounds read (later on, when the corrupted dir

• CVE-2025-22125MedApr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by default, it's found that raid write performance is quite bad because all IO are throttled by wbt of underlying disks, due to flag REQ_IDLE is igno

• CVE-2025-22116MedApr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: idpf: check error for register_netdev() on init Current init logic ignores the error code from register_netdev(), which will cause WARN_ON() on attempt to unregister it, if there was one, and there is no info f

• CVE-2025-22083HigApr 16, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haor

• CVE-2024-58097MedApr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix RCU stall while reaping monitor destination ring While processing the monitor destination ring, MSDUs are reaped from the link descriptor based on the corresponding buf_id. However, sometimes

• CVE-2024-58096MedApr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process() and ath11k_dp_full_mon_process_rx()

• CVE-2025-23138Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_

• CVE-2025-23136Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: Add NULL check for adev Not all devices have an ACPI companion fwnode, so adev might be NULL. This is similar to the commit cd2fd6eab480 ("platform/x86: int3472: Check for adev == NULL"). Add

• CVE-2025-23134Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Don't take register_mutex with copy_from/to_user() The infamous mmap_lock taken in copy_from/to_user() can be often problematic when it's called inside another mutex, as they might lead to deadlock

• CVE-2025-23133Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: update channel list in reg notifier instead reg worker Currently when ath11k gets a new channel list, it will be processed according to the following steps: 1. update new channel list to cfg80211

• CVE-2025-23131Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: dlm: prevent NPD when writing a positive value to event_done do_uevent returns the value written to event_done. In case it is a positive value, new_lockspace would undo all the work, and lockspace would not be

• CVE-2025-23129Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: Clear affinity hint before calling ath11k_pcic_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocati

• CVE-2025-22128Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path If a shared IRQ is used by the driver due to platform limitation, then the IRQ affinity hint is set right after the allocatio

• CVE-2025-22126Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: md: fix mddev uaf while iterating all_mddevs list While iterating all_mddevs list from md_notify_reboot() and md_exit(), list_for_each_entry_safe is used, and this can race with deletint the next mddev, causing

• CVE-2025-22124Apr 16, 2025
  affected < 6.4.0-150700.53.6.1.150700.17.6.1fixed 6.4.0-150700.53.6.1.150700.17.6.1

  In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12

• CVE-2025-22121Apr 16, 2025
  affected < 6.4.0-150700.53.3.1.150700.17.2.1fixed 6.4.0-150700.53.3.1.150700.17.2.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz