rpm package
suse/kernel-livepatch-SLE15-SP6_Update_13&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (141)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53676 | — | < 9-150600.2.1 | 9-150600.2.1 | Oct 7, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checkin | ||
| CVE-2025-39742 | Med | 5.5 | < 10-150600.2.1 | 10-150600.2.1 | Sep 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get and divi | |
| CVE-2025-39682 | Hig | 7.1 | < 9-150600.2.1 | 9-150600.2.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type | |
| CVE-2025-38678 | — | < 6-150600.2.1 | 6-150600.2.1 | Sep 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo | ||
| CVE-2025-38664 | — | < 7-150600.4.1 | 7-150600.4.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. | ||
| CVE-2025-38644 | — | < 6-150600.2.1 | 6-150600.2.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati | ||
| CVE-2025-38618 | — | < 7-150600.4.1 | 7-150600.4.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac | ||
| CVE-2025-38617 | — | < 7-150600.4.1 | 7-150600.4.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a | ||
| CVE-2025-38616 | — | < 8-150600.2.1 | 8-150600.2.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was i | ||
| CVE-2025-38608 | — | < 9-150600.2.1 | 9-150600.2.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len | ||
| CVE-2025-38588 | — | < 9-150600.2.1 | 9-150600.2.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_sibling | ||
| CVE-2025-38572 | — | < 9-150600.2.1 | 9-150600.2.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang | ||
| CVE-2025-38566 | — | < 6-150600.2.1 | 6-150600.2.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen | ||
| CVE-2025-38555 | — | < 4-150600.2.1 | 4-150600.2.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to | ||
| CVE-2025-38500 | — | < 8-150600.2.1 | 8-150600.2.1 | Aug 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such in | ||
| CVE-2025-38499 | Med | 5.5 | < 6-150600.2.1 | 6-150600.2.1 | Aug 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be | |
| CVE-2025-38498 | Med | 5.5 | < 4-150600.2.1 | 4-150600.2.1 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w | |
| CVE-2025-38477 | Med | 4.7 | < 5-150600.2.1 | 5-150600.2.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q | |
| CVE-2025-38471 | Hig | 7.8 | < 6-150600.2.1 | 6-150600.2.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if | |
| CVE-2025-38495 | — | < 2-150600.2.1 | 2-150600.2.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated b |
- CVE-2023-53676Oct 7, 2025affected < 9-150600.2.1fixed 9-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checkin
- affected < 10-150600.2.1fixed 10-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get and divi
- affected < 9-150600.2.1fixed 9-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type
- CVE-2025-38678Sep 3, 2025affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo
- CVE-2025-38664Aug 22, 2025affected < 7-150600.4.1fixed 7-150600.4.1
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
- CVE-2025-38644Aug 22, 2025affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati
- CVE-2025-38618Aug 22, 2025affected < 7-150600.4.1fixed 7-150600.4.1
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac
- CVE-2025-38617Aug 22, 2025affected < 7-150600.4.1fixed 7-150600.4.1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a
- CVE-2025-38616Aug 22, 2025affected < 8-150600.2.1fixed 8-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was i
- CVE-2025-38608Aug 19, 2025affected < 9-150600.2.1fixed 9-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len
- CVE-2025-38588Aug 19, 2025affected < 9-150600.2.1fixed 9-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_sibling
- CVE-2025-38572Aug 19, 2025affected < 9-150600.2.1fixed 9-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang
- CVE-2025-38566Aug 19, 2025affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen
- CVE-2025-38555Aug 19, 2025affected < 4-150600.2.1fixed 4-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to
- CVE-2025-38500Aug 12, 2025affected < 8-150600.2.1fixed 8-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: interface: fix use-after-free after changing collect_md xfrm interface collect_md property on xfrm interfaces can only be set on device creation, thus xfrmi_changelink() should fail when called on such in
- affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be
- affected < 4-150600.2.1fixed 4-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
- affected < 5-150600.2.1fixed 5-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q
- affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if
- CVE-2025-38495Jul 28, 2025affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated b
Page 2 of 8