rpm package
suse/kernel-livepatch-SLE15-SP6-RT_Update_17&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (190)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39987 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which is | ||
| CVE-2025-39986 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which | ||
| CVE-2025-39985 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which | ||
| CVE-2025-39982 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al | ||
| CVE-2025-39981 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr | ||
| CVE-2025-39978 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a | ||
| CVE-2025-39973 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introdu | ||
| CVE-2025-39972 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map(). | ||
| CVE-2025-39971 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg(). | ||
| CVE-2025-39970 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference. | ||
| CVE-2025-39969 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources. | ||
| CVE-2025-39968 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it. | ||
| CVE-2025-39967 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulne | ||
| CVE-2025-39965 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 13, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this | ||
| CVE-2025-39957 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into account for the scan_ies_len, which leads to a buffer length validation failure in ieee80211_prep_hw_scan() a | ||
| CVE-2025-39955 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope | ||
| CVE-2023-53673 | Hig | 7.8 | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection failed. ISO, L2CAP and SCO connections refer to the hci_conn without hci_conn_ | |
| CVE-2023-53687 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, n | ||
| CVE-2023-53686 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshake_nl_done_doit() We should not call trace_handshake_cmd_done_err() if socket lookup has failed. Also we should call trace_handshake_cmd_done_err() before releasing | ||
| CVE-2023-53681 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch_btree_node_alloc may be NULL. This may lead to a potential NULL pointer derefere |
- CVE-2025-39987Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which is
- CVE-2025-39986Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which
- CVE-2025-39985Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which
- CVE-2025-39982Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al
- CVE-2025-39981Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr
- CVE-2025-39978Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a
- CVE-2025-39973Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: i40e: add validation for ring_len param The `ring_len` parameter provided by the virtual function (VF) is assigned directly to the hardware memory context (HMC) without any validation. To address this, introdu
- CVE-2025-39972Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in i40e_validate_queue_map Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_validate_queue_map().
- CVE-2025-39971Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix idx validation in config queues msg Ensure idx is within range of active/initialized TCs when iterating over vf->ch[idx] in i40e_vc_config_queues_msg().
- CVE-2025-39970Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix input validation logic for action_meta Fix condition to check 'greater or equal' to prevent OOB dereference.
- CVE-2025-39969Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix validation of VF state in get resources VF state I40E_VF_STATE_ACTIVE is not the only state in which VF is actually active so it should not be used to determine if a VF is allowed to obtain resources.
- CVE-2025-39968Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: i40e: add max boundary check for VF filters There is no check for max filters that VF can request. Add it.
- CVE-2025-39967Oct 15, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulne
- CVE-2025-39965Oct 13, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: xfrm_alloc_spi shouldn't use 0 as SPI x->id.spi == 0 means "no SPI assigned", but since commit 94f39804d891 ("xfrm: Duplicate SPI Handling"), we now create states and add them to the byspi list with this
- CVE-2025-39957Oct 9, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: increase scan_ies_len for S1G Currently the S1G capability element is not taken into account for the scan_ies_len, which leads to a buffer length validation failure in ieee80211_prep_hw_scan() a
- CVE-2025-39955Oct 9, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: tcp: Clear tcp_sk(sk)->fastopen_rsk in tcp_disconnect(). syzbot reported the splat below where a socket had tcp_sk(sk)->fastopen_rsk in the TCP_ESTABLISHED state. [0] syzbot reused the server-side TCP Fast Ope
- affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: call disconnect callback before deleting conn In hci_cs_disconnect, we do hci_conn_del even if disconnection failed. ISO, L2CAP and SCO connections refer to the hci_conn without hci_conn_
- CVE-2023-53687Oct 7, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: tty: serial: samsung_tty: Fix a memory leak in s3c24xx_serial_getclk() when iterating clk When the best clk is searched, we iterate over all possible clk. If we find a better match, the previous one, if any, n
- CVE-2023-53686Oct 7, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: net/handshake: fix null-ptr-deref in handshake_nl_done_doit() We should not call trace_handshake_cmd_done_err() if socket lookup has failed. Also we should call trace_handshake_cmd_done_err() before releasing
- CVE-2023-53681Oct 7, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bcache: Fix __bch_btree_node_alloc to make the failure behavior consistent In some specific situations, the return value of __bch_btree_node_alloc may be NULL. This may lead to a potential NULL pointer derefere
Page 4 of 10