rpm package

suse/kernel-livepatch-SLE15-SP6-RT_Update_10&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_10&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (212)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-21704	Hig	7.8	< 1-150600.1.5.1	1-150600.1.5.1	Feb 22, 2025	In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification i
CVE-2025-21702	Hig	7.8	< 3-150600.2.1	3-150600.2.1	Feb 18, 2025	In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one
CVE-2025-21703		—	< 1-150600.1.5.1	1-150600.1.5.1	Feb 18, 2025	In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc befor
CVE-2025-21701	Med	4.7	< 1-150600.1.5.1	1-150600.1.5.1	Feb 13, 2025	In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic
CVE-2025-21693		—	< 1-150600.1.5.1	1-150600.1.5.1	Feb 10, 2025	In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and use
CVE-2025-21671		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an f
CVE-2024-57947		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 23, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea
CVE-2025-21659		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 21, 2025	In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
CVE-2025-21635		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsisten
CVE-2025-21631		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr
CVE-2024-57900		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 15, 2025	In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the
CVE-2024-57807		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset
CVE-2024-49571		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote
CVE-2024-47408		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the
CVE-2024-41149		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it, otherwise use-after-free may be triggered.
CVE-2024-54683		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: \| ======================================
CVE-2024-53680		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instr
CVE-2024-47794		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 11, 2025	In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target fo
CVE-2024-56770		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 8, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of
CVE-2024-56758		—	< 1-150600.1.5.1	1-150600.1.5.1	Jan 6, 2025	In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mappi

CVE-2025-21704HigFeb 22, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: usb: cdc-acm: Check control transfer buffer size before access If the first fragment is shorter than struct usb_cdc_notification, we can't calculate an expected_size. Log an error and discard the notification i
CVE-2025-21702HigFeb 18, 2025
affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one
CVE-2025-21703Feb 18, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc befor
CVE-2025-21701MedFeb 13, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic
CVE-2025-21693Feb 10, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and use
CVE-2025-21671Jan 31, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: zram: fix potential UAF of zram table If zram_meta_alloc failed early, it frees allocated zram->table without setting it NULL. Which will potentially cause zram_meta_free to access the table if user reset an f
CVE-2024-57947Jan 23, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea
CVE-2025-21659Jan 21, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
CVE-2025-21635Jan 19, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: rds: sysctl: rds_tcp_{rcv,snd}buf: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsisten
CVE-2025-21631Jan 19, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix waker_bfqq UAF after bfq_split_bfqq() Our syzkaller report a following UAF for v6.6: BUG: KASAN: slab-use-after-free in bfq_init_rq+0x175d/0x17a0 block/bfq-iosched.c:6958 Read of size 8 at addr
CVE-2024-57900Jan 15, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: ila: serialize calls to nf_register_net_hooks() syzbot found a race in ila_add_mapping() [1] commit 031ae72825ce ("ila: call nf_unregister_net_hooks() sooner") attempted to fix a similar issue. Looking at the
CVE-2024-57807Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix for a potential deadlock This fixes a 'possible circular locking dependency detected' warning CPU0 CPU1 ---- ---- lock(&instance->reset
CVE-2024-49571Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: check iparea_offset and ipv6_prefixes_cnt when receiving proposal msg When receiving proposal msg in server, the field iparea_offset and the field ipv6_prefixes_cnt in proposal msg are from the remote
CVE-2024-47408Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: check smcd_v2_ext_offset when receiving proposal msg When receiving proposal msg in server, the field smcd_v2_ext_offset in proposal msg is from the remote client and can not be fully trusted. Once the
CVE-2024-41149Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: block: avoid to reuse `hctx` not removed from cpuhp callback list If the 'hctx' isn't removed from cpuhp callback list, we can't reuse it, otherwise use-after-free may be triggered.
CVE-2024-54683Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: IDLETIMER: Fix for possible ABBA deadlock Deletion of the last rule referencing a given idletimer may happen at the same time as a read of its file in sysfs: | ======================================
CVE-2024-53680Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix UB due to uninitialized stack access in ip_vs_protocol_init() Under certain kernel configurations when building with Clang/LLVM, the compiler does not generate a return or jump as the terminator instr
CVE-2024-47794Jan 11, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplace. In an upcoming selftest, the attach target fo
CVE-2024-56770Jan 8, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: netem: account for backlog updates from child qdisc In general, 'qlen' of any classful qdisc should keep track of the number of packets that the qdisc itself and all of its children holds. In case of
CVE-2024-56758Jan 6, 2025
affected < 1-150600.1.5.1fixed 1-150600.1.5.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: check folio mapping after unlock in relocate_one_folio() When we call btrfs_read_folio() to bring a folio uptodate, we unlock the folio. The result of that is that a different thread can modify the mappi

Page 9 of 11