rpm package
suse/kernel-livepatch-SLE15-SP6-RT_Update_17&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6-RT_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (190)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53600 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220 Read of size 4 at ad | ||
| CVE-2023-53599 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl. Without this | ||
| CVE-2023-53597 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect the connection. B | ||
| CVE-2023-53596 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the device has a bus and has been probed. This leads to issues when using bus-less o | ||
| CVE-2023-53593 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio secti | ||
| CVE-2023-53588 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing wh | ||
| CVE-2023-53585 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The semantics for bpf_sk_assign are as follows: sk = some_lookup_func() bpf_sk_assign(skb, sk) bpf_sk_release(sk) That is, the sk is not consumed by b | ||
| CVE-2023-53583 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Since commit 096b52fd2bb4 ("perf: RISC-V: throttle perf events") the perf_sample_event_took() function was added to report time spent in | ||
| CVE-2023-53581 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for NOT_READY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is conc | ||
| CVE-2023-53580 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a some | ||
| CVE-2023-53579 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm action. | ||
| CVE-2023-53577 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads: ------------[ cut here ]-------- | ||
| CVE-2023-53575 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWL_SEC_WEP_KEY_OFFSET when needed while verifying key_len size in iwl_mvm_sec_key_add(). | ||
| CVE-2023-53574 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: delete timer and free skb queue when unloading Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtw_core_deinit()', shrink critical section i | ||
| CVE-2023-53572 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entry_safe(). Otherwise it dereferences a freed variable to get the next item on the | ||
| CVE-2023-53570 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the number of MBSSID elements in the nested netlink attribute attrs, which | ||
| CVE-2023-53568 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if dev_set_name() fails When dev_set_name() fails, zcdn_create() doesn't free the newly allocated resources. Do it. | ||
| CVE-2023-53563 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver After loading the amd-pstate-ut driver, amd_pstate_ut_check_perf() and amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy of the | ||
| CVE-2023-53560 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to hist_vars if they have referenced variables Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables | ||
| CVE-2023-53559 | — | < 1-150600.1.3.1 | 1-150600.1.3.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may |
- CVE-2023-53600Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: tunnels: fix kasan splat when generating ipv4 pmtu error If we try to emit an icmp error in response to a nonliner skb, we get BUG: KASAN: slab-out-of-bounds in ip_compute_csum+0x134/0x220 Read of size 4 at ad
- CVE-2023-53599Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Fix missing initialisation affecting gcm-aes-s390 Fix af_alg_alloc_areq() to initialise areq->first_rsgl.sgl.sgt.sgl to point to the scatterlist array in areq->first_rsgl.sgl.sgl. Without this
- CVE-2023-53597Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix mid leak during reconnection after timeout threshold When the number of responses with status of STATUS_IO_TIMEOUT exceeds a specified threshold (NUM_STATUS_IO_TIMEOUT), we reconnect the connection. B
- CVE-2023-53596Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: drivers: base: Free devm resources when unregistering a device In the current code, devres_release_all() only gets called if the device has a bus and has been probed. This leads to issues when using bus-less o
- CVE-2023-53593Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Release folio lock on fscache read hit. Under the current code, when cifs_readpage_worker is called, the call contract is that the callee should unlock the page. This is documented in the read_folio secti
- CVE-2023-53588Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: check for station first in client probe When probing a client, first check if we have it, and then check for the channel context, otherwise you can trigger the warning there easily by probing wh
- CVE-2023-53585Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: reject unhashed sockets in bpf_sk_assign The semantics for bpf_sk_assign are as follows: sk = some_lookup_func() bpf_sk_assign(skb, sk) bpf_sk_release(sk) That is, the sk is not consumed by b
- CVE-2023-53583Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: perf: RISC-V: Remove PERF_HES_STOPPED flag checking in riscv_pmu_start() Since commit 096b52fd2bb4 ("perf: RISC-V: throttle perf events") the perf_sample_event_took() function was added to report time spent in
- CVE-2023-53581Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Check for NOT_READY flag state after locking Currently the check for NOT_READY flag is performed before obtaining the necessary lock. This opens a possibility for race condition when the flow is conc
- CVE-2023-53580Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: USB: Gadget: core: Help prevent panic during UVC unconfigure Avichal Rakesh reported a kernel panic that occurred when the UVC gadget driver was removed from a gadget's configuration. The panic involves a some
- CVE-2023-53579Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm action.
- CVE-2023-53577Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf, cpumap: Make sure kthread is running before map update returns The following warning was reported when running stress-mode enabled xdp_redirect_cpu with some RT threads: ------------[ cut here ]--------
- CVE-2023-53575Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix potential array out of bounds access Account for IWL_SEC_WEP_KEY_OFFSET when needed while verifying key_len size in iwl_mvm_sec_key_add().
- CVE-2023-53574Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: delete timer and free skb queue when unloading Fix possible crash and memory leak on driver unload by deleting TX purge timer and freeing C2H queue in 'rtw_core_deinit()', shrink critical section i
- CVE-2023-53572Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: clk: imx: scu: use _safe list iterator to avoid a use after free This loop is freeing "clk" so it needs to use list_for_each_entry_safe(). Otherwise it dereferences a freed variable to get the next item on the
- CVE-2023-53570Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: nl80211: fix integer overflow in nl80211_parse_mbssid_elems() nl80211_parse_mbssid_elems() uses a u8 variable num_elems to count the number of MBSSID elements in the nested netlink attribute attrs, which
- CVE-2023-53568Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: don't leak memory if dev_set_name() fails When dev_set_name() fails, zcdn_create() doesn't free the newly allocated resources. Do it.
- CVE-2023-53563Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate-ut: Fix kernel panic when loading the driver After loading the amd-pstate-ut driver, amd_pstate_ut_check_perf() and amd_pstate_ut_check_freq() use cpufreq_cpu_get() to get the policy of the
- CVE-2023-53560Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: tracing/histograms: Add histograms to hist_vars if they have referenced variables Hist triggers can have referenced variables without having direct variables fields. This can be the case if referenced variables
- CVE-2023-53559Oct 4, 2025affected < 1-150600.1.3.1fixed 1-150600.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ip_vti: fix potential slab-use-after-free in decode_session6 When ip_vti device is set to the qdisc of the sfb type, the cb field of the sent skb may be modified during enqueuing. Then, slab-use-after-free may
Page 7 of 10