rpm package

suse/kernel-default-base&distro=SUSE Manager Server LTS 4.3

pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Server%20LTS%204.3

Vulnerabilities (542)

CVE	Sev	CVSS	KEV	Affected versions	Fixed in	Published	Description
CVE-2025-38546		—		< 5.14.21-150400.24.176.1.150400.24.90.1	5.14.21-150400.24.176.1.150400.24.90.1	Aug 16, 2025	In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock
CVE-2025-38499	Med	5.5		< 5.14.21-150400.24.176.1.150400.24.90.1	5.14.21-150400.24.176.1.150400.24.90.1	Aug 11, 2025	In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be
CVE-2022-50233		—		< 5.14.21-150400.24.179.1.150400.24.92.1	5.14.21-150400.24.179.1.150400.24.92.1	Aug 9, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting
CVE-2025-38498	Med	5.5		< 5.14.21-150400.24.176.1.150400.24.90.1	5.14.21-150400.24.176.1.150400.24.90.1	Jul 30, 2025	In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
CVE-2025-38477	Med	4.7		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q
CVE-2025-38470	Med	5.5		< 5.14.21-150400.24.179.1.150400.24.92.1	5.14.21-150400.24.179.1.150400.24.92.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the
CVE-2025-38468	Med	5.5		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default
CVE-2025-38497		—		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating
CVE-2025-38495		—		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated b
CVE-2025-38494		—		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those
CVE-2025-38488		—		< 5.14.21-150400.24.179.1.150400.24.92.1	5.14.21-150400.24.179.1.150400.24.92.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous. However
CVE-2025-38476		—		< 5.14.21-150400.24.179.1.150400.24.92.1	5.14.21-150400.24.179.1.150400.24.92.1	Jul 28, 2025	In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below [0]. rpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after skb_cow_he
CVE-2025-38460		—		< 5.14.21-150400.24.176.1.150400.24.90.1	5.14.21-150400.24.176.1.150400.24.90.1	Jul 25, 2025	In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called
CVE-2025-38352		—	KEV	< 5.14.21-150400.24.176.1.150400.24.90.1	5.14.21-150400.24.176.1.150400.24.90.1	Jul 22, 2025	In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
CVE-2025-38350	Hig	7.8		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 19, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
CVE-2025-38323		—		< 5.14.21-150400.24.176.1.150400.24.90.1	5.14.21-150400.24.176.1.150400.24.90.1	Jul 10, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), l
CVE-2025-38257		—		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 9, 2025	In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in
CVE-2025-38212	Hig	7.8		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() i
CVE-2025-38206		—		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
CVE-2025-38200		—		< 5.14.21-150400.24.173.1.150400.24.88.1	5.14.21-150400.24.173.1.150400.24.88.1	Jul 4, 2025	In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde

CVE-2025-38546Aug 16, 2025
affected < 5.14.21-150400.24.176.1.150400.24.90.1fixed 5.14.21-150400.24.176.1.150400.24.90.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock
CVE-2025-38499MedAug 11, 2025
affected < 5.14.21-150400.24.176.1.150400.24.90.1fixed 5.14.21-150400.24.176.1.150400.24.90.1
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be
CVE-2022-50233Aug 9, 2025
affected < 5.14.21-150400.24.179.1.150400.24.92.1fixed 5.14.21-150400.24.179.1.150400.24.92.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting
CVE-2025-38498MedJul 30, 2025
affected < 5.14.21-150400.24.176.1.150400.24.90.1fixed 5.14.21-150400.24.176.1.150400.24.90.1
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
CVE-2025-38477MedJul 28, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q
CVE-2025-38470MedJul 28, 2025
affected < 5.14.21-150400.24.179.1.150400.24.92.1fixed 5.14.21-150400.24.179.1.150400.24.92.1
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the
CVE-2025-38468MedJul 28, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default
CVE-2025-38497Jul 28, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating
CVE-2025-38495Jul 28, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated b
CVE-2025-38494Jul 28, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those
CVE-2025-38488Jul 28, 2025
affected < 5.14.21-150400.24.179.1.150400.24.92.1fixed 5.14.21-150400.24.179.1.150400.24.92.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous. However
CVE-2025-38476Jul 28, 2025
affected < 5.14.21-150400.24.179.1.150400.24.92.1fixed 5.14.21-150400.24.179.1.150400.24.92.1
In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below [0]. rpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after skb_cow_he
CVE-2025-38460Jul 25, 2025
affected < 5.14.21-150400.24.176.1.150400.24.90.1fixed 5.14.21-150400.24.176.1.150400.24.90.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called
CVE-2025-38352KEVJul 22, 2025
affected < 5.14.21-150400.24.176.1.150400.24.90.1fixed 5.14.21-150400.24.176.1.150400.24.90.1
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
CVE-2025-38350HigJul 19, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
CVE-2025-38323Jul 10, 2025
affected < 5.14.21-150400.24.176.1.150400.24.90.1fixed 5.14.21-150400.24.176.1.150400.24.90.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), l
CVE-2025-38257Jul 9, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in
CVE-2025-38212HigJul 4, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() i
CVE-2025-38206Jul 4, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
CVE-2025-38200Jul 4, 2025
affected < 5.14.21-150400.24.173.1.150400.24.88.1fixed 5.14.21-150400.24.173.1.150400.24.88.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde

Page 25 of 28