rpm package
suse/kernel-livepatch-SLE15-SP3_Update_61&distro=SUSE Linux Enterprise Live Patching 15 SP3
pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_61&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3
Vulnerabilities (28)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-50252 | — | < 2-150300.2.1 | 2-150300.2.1 | Sep 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the original adapter->q_vector[v | ||
| CVE-2022-50248 | — | < 2-150300.2.1 | 2-150300.2.1 | Sep 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and it appears there is inde | ||
| CVE-2025-38664 | — | < 2-150300.2.1 | 2-150300.2.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. | ||
| CVE-2025-38644 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati | ||
| CVE-2025-38618 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac | ||
| CVE-2025-38617 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a | ||
| CVE-2024-58239 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list c | ||
| CVE-2025-38608 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len | ||
| CVE-2025-38563 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first | ||
| CVE-2025-38546 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock | ||
| CVE-2025-38499 | Med | 5.5 | < 1-150300.7.3.1 | 1-150300.7.3.1 | Aug 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be | |
| CVE-2025-38498 | Med | 5.5 | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w | |
| CVE-2025-38477 | Med | 4.7 | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q | |
| CVE-2025-38468 | Med | 5.5 | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default | |
| CVE-2025-38460 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called | ||
| CVE-2025-38352 | — | KEV | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be | |
| CVE-2025-38350 | Hig | 7.8 | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu | |
| CVE-2025-38323 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), l | ||
| CVE-2025-38206 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre | ||
| CVE-2025-38180 | — | < 1-150300.7.3.1 | 1-150300.7.3.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF. |
- CVE-2022-50252Sep 15, 2025affected < 2-150300.2.1fixed 2-150300.2.1
In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the original adapter->q_vector[v
- CVE-2022-50248Sep 15, 2025affected < 2-150300.2.1fixed 2-150300.2.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix double free on tx path. We see kernel crashes and lockups and KASAN errors related to ax210 firmware crashes. One of the KASAN dumps pointed at the tx path, and it appears there is inde
- CVE-2025-38664Aug 22, 2025affected < 2-150300.2.1fixed 2-150300.2.1
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
- CVE-2025-38644Aug 22, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati
- CVE-2025-38618Aug 22, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac
- CVE-2025-38617Aug 22, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a
- CVE-2024-58239Aug 22, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list c
- CVE-2025-38608Aug 19, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len
- CVE-2025-38563Aug 19, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first
- CVE-2025-38546Aug 16, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock
- affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be
- affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
- affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q
- affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default
- CVE-2025-38460Jul 25, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix potential null-ptr-deref in to_atmarpd(). atmarpd is protected by RTNL since commit f3a0592b37b8 ("[ATM]: clip causes unregister hang"). However, it is not enough because to_atmarpd() is called
- affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
- affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu
- CVE-2025-38323Jul 10, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), l
- CVE-2025-38206Jul 4, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
- CVE-2025-38180Jul 4, 2025affected < 1-150300.7.3.1fixed 1-150300.7.3.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
Page 1 of 2