rpm package
suse/kernel-livepatch-SLE15-SP6_Update_13&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (141)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38494 | — | < 2-150600.2.1 | 2-150600.2.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those | ||
| CVE-2025-38488 | — | < 11-150600.2.1 | 11-150600.2.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous. However | ||
| CVE-2025-38476 | — | < 9-150600.2.1 | 9-150600.2.1 | Jul 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below [0]. rpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after skb_cow_he | ||
| CVE-2025-38396 | — | < 6-150600.2.1 | 6-150600.2.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c | ||
| CVE-2025-38352 | — | KEV | < 10-150600.2.1 | 10-150600.2.1 | Jul 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be | |
| CVE-2025-38212 | Hig | 7.8 | < 3-150600.2.1 | 3-150600.2.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() i | |
| CVE-2025-38206 | — | < 6-150600.2.1 | 6-150600.2.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre | ||
| CVE-2025-38083 | Med | 4.7 | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU | |
| CVE-2025-38079 | Hig | 7.8 | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea | |
| CVE-2025-38081 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense. | ||
| CVE-2025-38080 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why] It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asic where all pipes are in one MPC chain. This over | ||
| CVE-2025-38078 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_forma | ||
| CVE-2025-38077 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array | ||
| CVE-2025-38072 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8. | ||
| CVE-2025-38068 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space | ||
| CVE-2025-38065 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems. | ||
| CVE-2025-38060 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state(). Otherwise, .loop_entry values from unrelated states would poison env- | ||
| CVE-2025-38059 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG] When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL poi | ||
| CVE-2025-38057 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb. | ||
| CVE-2025-38053 | — | < 1-150600.13.6.4 | 1-150600.13.6.4 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpf_features_check idpf_features_check is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The |
- CVE-2025-38494Jul 28, 2025affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: HID: core: do not bypass hid_hw_raw_request hid_hw_raw_request() is actually useful to ensure the provided buffer and length are valid. Directly calling in the low level transport driver function bypassed those
- CVE-2025-38488Jul 28, 2025affected < 11-150600.2.1fixed 11-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous. However
- CVE-2025-38476Jul 28, 2025affected < 9-150600.2.1fixed 9-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below [0]. rpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after skb_cow_he
- CVE-2025-38396Jul 25, 2025affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c
- affected < 10-150600.2.1fixed 10-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
- affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() i
- CVE-2025-38206Jul 4, 2025affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix double free in delayed_free The double free could happen in the following path. exfat_create_upcase_table() exfat_create_upcase_table() : return error exfat_free_upcase_table() : fre
- affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU
- affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea
- CVE-2025-38081Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: spi-rockchip: Fix register out of bounds access Do not write native chip select stuff for GPIO chip selects. GPIOs can be numbered much higher than native CS. Also, it makes no sense.
- CVE-2025-38080Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase block_sequence array size [Why] It's possible to generate more than 50 steps in hwss_build_fast_sequence, for example with a 6-pipe asic where all pipes are in one MPC chain. This over
- CVE-2025-38078Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix race of buffer access at PCM OSS layer The PCM OSS layer tries to clear the buffer with the silence data at initialization (or reconfiguration) of a stream with the explicit call of snd_pcm_forma
- CVE-2025-38077Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-wmi-sysman: Avoid buffer overflow in current_password_store() If the 'buf' array received from the user contains an empty string, the 'length' variable will be zero. Accessing the 'buf' array
- CVE-2025-38072Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: libnvdimm/labels: Fix divide error in nd_label_data_init() If a faulty CXL memory device returns a broken zero LSA size in its memory device information (Identify Memory Device (Opcode 4000h), CXL spec. 3.1, 8.
- CVE-2025-38068Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space
- CVE-2025-38065Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: orangefs: Do not truncate file size 'len' is used to store the result of i_size_read(), so making 'len' a size_t results in truncation to 4GiB on 32-bit systems.
- CVE-2025-38060Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: bpf: copy_verifier_state() should copy 'loop_entry' field The bpf_verifier_state.loop_entry state should be copied by copy_verifier_state(). Otherwise, .loop_entry values from unrelated states would poison env-
- CVE-2025-38059Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid csum tree [BUG] When trying read-only scrub on a btrfs with rescue=idatacsums mount option, it will crash with the following call trace: BUG: kernel NULL poi
- CVE-2025-38057Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: espintcp: fix skb leaks A few error paths are missing a kfree_skb.
- CVE-2025-38053Jun 18, 2025affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: idpf: fix null-ptr-deref in idpf_features_check idpf_features_check is used to validate the TX packet. skb header length is compared with the hardware supported value received from the device control plane. The
Page 3 of 8