VYPR

rpm package

suse/kernel-livepatch-SLE15-SP6-RT_Update_14&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (240)

  • CVE-2025-38226Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: media: vivid: Change the siize of the composing syzkaller found a bug: BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_pattern drivers/media/common/v4l2-tpg/v4l2-tpg-core.c:2608 [inline] BUG: KASAN: vmallo

  • CVE-2025-38225Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: media: imx-jpeg: Cleanup after an allocation error When allocation failures are not cleaned up by the driver, further allocation errors will be false-positives, which will cause buffers to remain uninitialized

  • CVE-2025-38220Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: only dirty folios when data journaling regular files fstest generic/388 occasionally reproduces a crash that looks as follows: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... Call Tra

  • CVE-2025-38217Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (ftsteutates) Fix TOCTOU race in fts_read() In the fts_read() function, when handling hwmon_pwm_auto_channels_temp, the code accesses the shared variable data->fan_source[channel] twice without holding a

  • CVE-2025-38211Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/iwcm: Fix use-after-free of work objects after cm_id destruction The commit 59c68ac31e15 ("iw_cm: free cm_id resources on the last deref") simplified cm_id resource management by freeing cm_id once all ref

  • CVE-2025-38210Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: configfs-tsm-report: Fix NULL dereference of tsm_ops Unlike sysfs, the lifetime of configfs objects is controlled by userspace. There is no mechanism for the kernel to find and delete all created config-items.

  • CVE-2025-38206Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre

  • CVE-2025-38204Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds read in add_missing_indices stbl is s8 but it must contain offsets into slot which can go from 0 to 127. Added a bound check for that error and return -EIO if the check fails

  • CVE-2025-38203Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: jfs: Fix null-ptr-deref in jfs_ioc_trim [ Syzkaller Report ] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000087: 0000 [#1 KASAN: null-ptr-deref in range [0x0000000000000438-0

  • CVE-2025-38202Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Check rcu_read_lock_trace_held() in bpf_map_lookup_percpu_elem() bpf_map_lookup_percpu_elem() helper is also available for sleepable bpf program. When BPF JIT is disabled or under 32-bit host, bpf_map_look

  • CVE-2025-38200Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde

  • CVE-2025-38197Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell_rbu: Fix list usage Pass the correct list head to list_for_each_entry*() when looping through the packet list. Without this patch, reading the packet data via sysfs will show the data incorr

  • CVE-2025-38194Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: jffs2: check that raw node were preallocated before writing summary Syzkaller detected a kernel bug in jffs2_link_node_ref, caused by fault injection in jffs2_prealloc_raw_node_refs. jffs2_sum_write_sumnode doe

  • CVE-2025-38193Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: reject invalid perturb period Gerrard Tai reported that SFQ perturb_period has no range check yet, and this can be used to trigger a race condition fixed in a separate patch. We want to mak

  • CVE-2025-38188Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/a7xx: Call CP_RESET_CONTEXT_STATE Calling this packet is necessary when we switch contexts because there are various pieces of state used by userspace to synchronize between BR and BV that are persisten

  • CVE-2025-38187Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix a use-after-free in r535_gsp_rpc_push() The RPC container is released after being passed to r535_gsp_rpc_send(). When sending the initial fragment of a large RPC and passing the caller's RPC c

  • CVE-2025-38183Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum value of PCI11X1X_PTP_IO_M

  • CVE-2025-38182Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device.

  • CVE-2025-38181Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_

  • CVE-2025-38180Jul 4, 2025
    affected < 1-150600.1.5.1fixed 1-150600.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.

Page 8 of 12