rpm package
suse/kernel-livepatch-SLE15-SP5_Update_25&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_25&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (633)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38159 | Hig | 7.1 | < 15-150500.2.2 | 15-150500.2.2 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads 5 bytes: | |
| CVE-2025-38083 | Med | 4.7 | < 4-150500.2.1 | 4-150500.2.1 | Jun 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU | |
| CVE-2025-38079 | Hig | 7.8 | < 4-150500.2.1 | 4-150500.2.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea | |
| CVE-2025-38001 | Med | 5.5 | < 5-150500.2.1 | 5-150500.2.1 | Jun 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, | |
| CVE-2025-38000 | Hig | 7.8 | < 5-150500.2.1 | 5-150500.2.1 | Jun 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and | |
| CVE-2025-37890 | Hig | 7.8 | < 5-150500.2.1 | 5-150500.2.1 | May 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs | |
| CVE-2025-23145 | Med | 5.5 | < 10-150500.2.1 | 10-150500.2.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_a | |
| CVE-2025-21999 | Hig | 7.8 | < 5-150500.2.1 | 5-150500.2.1 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc | |
| CVE-2025-21971 | Med | 5.5 | < 8-150500.2.1 | 8-150500.2.1 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe | |
| CVE-2023-53033 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda | |
| CVE-2023-53030 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function ca | |
| CVE-2023-53029 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_f | |
| CVE-2023-53028 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_dest | |
| CVE-2023-53026 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the | |
| CVE-2023-53024 | Hig | 7.1 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence ins | |
| CVE-2023-53023 | Hig | 7.8 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device. | |
| CVE-2023-53019 | Hig | 7.8 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass | |
| CVE-2023-53016 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_ | |
| CVE-2023-53015 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertisi | |
| CVE-2023-53010 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow |
- affected < 15-150500.2.2fixed 15-150500.2.2
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads 5 bytes:
- affected < 4-150500.2.1fixed 4-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU
- affected < 4-150500.2.1fixed 4-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea
- affected < 5-150500.2.1fixed 5-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed,
- affected < 5-150500.2.1fixed 5-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and
- affected < 5-150500.2.1fixed 5-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs
- affected < 10-150500.2.1fixed 10-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix NULL pointer in can_accept_new_subflow When testing valkey benchmark tool with MPTCP, the kernel panics in 'mptcp_can_accept_new_subflow' because subflow_req->msk is NULL. Call trace: mptcp_can_a
- affected < 5-150500.2.1fixed 5-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
- affected < 8-150500.2.1fixed 8-150500.2.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function ca
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_f
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_dest
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence ins
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device.
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertisi
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow
Page 2 of 32