VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5_Update_30&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_30&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (59)

  • CVE-2026-46323HigJun 9, 2026
    affected < 14-150500.2.1fixed 14-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag. When SKBFL_

  • CVE-2026-43503HigMay 23, 2026
    affected < 14-150500.2.1fixed 14-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when m

  • CVE-2026-31694HigMay 1, 2026
    affected < 14-150500.2.1fixed 14-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existi

  • CVE-2026-31504HigApr 22, 2026
    affected < 14-150500.2.1fixed 14-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() via NETDEV_UP race `packet_release()` has a race window where `NETDEV_UP` can re-register a socket into a fanout group's `arr[]` array. The re-registration is not cleaned

  • CVE-2026-31402CriApr 3, 2026
    affected < 14-150500.2.1fixed 14-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated bas

  • CVE-2026-23209HigFeb 14, 2026
    affected < 9-150500.2.1fixed 9-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l

  • CVE-2026-23074HigFeb 4, 2026
    affected < 9-150500.2.1fixed 9-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will desc

  • CVE-2026-22999HigJan 25, 2026
    affected < 9-150500.2.1fixed 9-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.

  • CVE-2025-71120Jan 14, 2026
    affected < 9-150500.2.1fixed 9-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres

  • CVE-2025-40204Nov 12, 2025
    affected < 5-150500.2.1fixed 5-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

  • CVE-2025-40018Oct 24, 2025
    affected < 9-150500.2.1fixed 9-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-fr

  • CVE-2025-39973Oct 15, 2025
    affected < 9-150500.2.1fixed 9-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introdu

  • CVE-2023-53676HigOct 7, 2025
    affected < 5-150500.2.1fixed 5-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checkin

  • CVE-2022-50490HigOct 4, 2025
    affected < 5-150500.2.1fixed 5-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elem

  • CVE-2022-50409MedSep 18, 2025
    affected < 5-150500.2.1fixed 5-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: If sock is dead don't access sock's sk_wq in sk_stream_wait_memory Fixes the below NULL pointer dereference: [...] [ 14.471200] Call Trace: [ 14.471562] [ 14.471882] lock_acquire+0x

  • CVE-2023-53321HigSep 16, 2025
    affected < 6-150500.2.1fixed 6-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211_hwsim: drop short frames While technically some control frames like ACK are shorter and end after Address 1, such frames shouldn't be forwarded through wmediumd or similar userspace, so require t

  • CVE-2022-50327MedSep 15, 2025
    affected < 5-150500.2.1fixed 5-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: ACPI: processor: idle: Check acpi_fetch_acpi_dev() return value The return value of acpi_fetch_acpi_dev() could be NULL, which would cause a NULL pointer dereference to occur in acpi_device_hid(). [ rjw: Subje

  • CVE-2022-50252HigSep 15, 2025
    affected < 3-150500.4.1fixed 3-150500.4.1

    In the Linux kernel, the following vulnerability has been resolved: igb: Do not free q_vector unless new one was allocated Avoid potential use-after-free condition under memory pressure. If the kzalloc() fails, q_vector will be freed but left in the original adapter->q_vector[v

  • CVE-2025-39742MedSep 11, 2025
    affected < 6-150500.2.1fixed 6-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get and divi

  • CVE-2025-38678MedSep 3, 2025
    affected < 2-150500.2.1fixed 2-150500.2.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo

Page 1 of 3