rpm package

suse/kernel-livepatch-MICRO-6-0_Update_6&distro=SUSE Linux Micro 6.1

pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_6&distro=SUSE%20Linux%20Micro%206.1

Vulnerabilities (409)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-21669	Med	5.5	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause iss
CVE-2025-21666	Med	5.5	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_[has_data\|has_space] Recent reports have shown how we sometimes call vsock__has_data() when a vsock socket has been de-assigned from a transport (see attached links), bu
CVE-2024-57948	Med	5.5	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardwar
CVE-2025-21681		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_send -> dev_queue_x
CVE-2025-21680		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: arr
CVE-2025-21675		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_destroy_definers() always try
CVE-2025-21673		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCP_Server_Info::hostname When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit th
CVE-2025-21671		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an f
CVE-2025-21670		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example
CVE-2025-21668		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DI
CVE-2025-21667		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could l
CVE-2025-21665		—	< 1-3.1	1-3.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs fi
CVE-2024-57947		—	< 1-3.1	1-3.1	Jan 23, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea
CVE-2025-21659		—	< 1-3.1	1-3.1	Jan 21, 2025	In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
CVE-2025-21647	Hig	7.1	< 1-3.1	1-3.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2025-21640	Med	5.5	< 1-3.1	1-3.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency:
CVE-2025-21639	Med	5.5	< 1-3.1	1-3.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21638	Med	5.5	< 1-3.1	1-3.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21637		—	< 1-3.1	1-3.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting
CVE-2025-21636		—	< 1-3.1	1-3.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsis

CVE-2025-21669MedJan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: discard packets if the transport changes If the socket has been de-assigned or assigned to another transport, we must discard any packets received because they are not expected and would cause iss
CVE-2025-21666MedJan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: vsock: prevent null-ptr-deref in vsock_*[has_data|has_space] Recent reports have shown how we sometimes call vsock_*_has_data() when a vsock socket has been de-assigned from a transport (see attached links), bu
CVE-2024-57948MedJan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardwar
CVE-2025-21681Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_send -> dev_queue_x
CVE-2025-21680Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: arr
CVE-2025-21675Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clear port select structure when fail to create Clear the port select structure on error so no stale values left after definers are destroyed. That's because the mlx5_lag_destroy_definers() always try
CVE-2025-21673Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCP_Server_Info::hostname When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit th
CVE-2025-21671Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an f
CVE-2025-21670Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: vsock/bpf: return early if transport is not assigned Some of the core functions can only be called if the transport has been assigned. As Michal reported, a socket might have the transport at NULL, for example
CVE-2025-21668Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DI
CVE-2025-21667Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could l
CVE-2025-21665Jan 31, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs fi
CVE-2024-57947Jan 23, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea
CVE-2025-21659Jan 21, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
CVE-2025-21647HigJan 19, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2025-21640MedJan 19, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency:
CVE-2025-21639MedJan 19, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21638MedJan 19, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21637Jan 19, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting
CVE-2025-21636Jan 19, 2025
affected < 1-3.1fixed 1-3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsis

Page 16 of 21