rpm package
suse/kernel-livepatch-SLE15-SP6-RT_Update_15&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (98)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38608 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len | ||
| CVE-2025-38604 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed sk | ||
| CVE-2025-38602 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer. | ||
| CVE-2025-38601 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath1 | ||
| CVE-2025-38591 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at of | ||
| CVE-2025-38588 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_sibling | ||
| CVE-2025-38587 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() | ||
| CVE-2025-38585 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine t | ||
| CVE-2025-38583 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle | ||
| CVE-2025-38582 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). | ||
| CVE-2025-38581 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/un | ||
| CVE-2025-38576 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: <pcie dev | ||
| CVE-2025-38572 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang | ||
| CVE-2025-38571 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this | ||
| CVE-2025-38568 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This | ||
| CVE-2025-38566 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen | ||
| CVE-2025-38565 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere | ||
| CVE-2025-38563 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first | ||
| CVE-2025-38560 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m | ||
| CVE-2025-38555 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to |
- CVE-2025-38608Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len
- CVE-2025-38604Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed sk
- CVE-2025-38602Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.
- CVE-2025-38601Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath1
- CVE-2025-38591Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at of
- CVE-2025-38588Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_sibling
- CVE-2025-38587Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route()
- CVE-2025-38585Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine t
- CVE-2025-38583Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle
- CVE-2025-38582Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init().
- CVE-2025-38581Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Fix crash when rebind ccp device for ccp.ko When CONFIG_CRYPTO_DEV_CCP_DEBUGFS is enabled, rebinding the ccp device causes the following crash: $ echo '0000:0a:00.2' > /sys/bus/pci/drivers/ccp/un
- CVE-2025-38576Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/eeh: Make EEH driver device hotplug safe Multiple race conditions existed between the PCIe hotplug driver and the EEH driver, leading to a variety of kernel oopses of the same general nature: <pcie dev
- CVE-2025-38572Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang
- CVE-2025-38571Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this
- CVE-2025-38568Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This
- CVE-2025-38566Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen
- CVE-2025-38565Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere
- CVE-2025-38563Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first
- CVE-2025-38560Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m
- CVE-2025-38555Aug 19, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to
Page 2 of 5