rpm package

suse/kernel-livepatch-SLE15-SP6_Update_13&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (141)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-38003		—	< 1-150600.13.6.4	1-150600.13.6.4	Jun 8, 2025	In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the r
CVE-2025-38001		—	< 1-150600.13.6.4	1-150600.13.6.4	Jun 6, 2025	In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed,
CVE-2025-38000		—	< 1-150600.13.6.4	1-150600.13.6.4	Jun 6, 2025	In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and
CVE-2025-37998		—	< 1-150600.13.6.4	1-150600.13.6.4	May 29, 2025	In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed a
CVE-2025-37997		—	< 1-150600.13.6.4	1-150600.13.6.4	May 29, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and
CVE-2025-37995		—	< 1-150600.13.6.4	1-150600.13.6.4	May 29, 2025	In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path
CVE-2025-37994		—	< 1-150600.13.6.4	1-150600.13.6.4	May 29, 2025	In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the p
CVE-2025-37992		—	< 1-150600.13.6.4	1-150600.13.6.4	May 26, 2025	In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list.
CVE-2025-37968	Med	5.5	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the f
CVE-2025-37987		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the cl
CVE-2025-37973		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length wh
CVE-2025-37967		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if
CVE-2025-37945	Med	5.5	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qc
CVE-2025-37961		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies
CVE-2025-37946		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpci_dev's") the code to ignore power off of a PF that h
CVE-2025-37938		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that wi
CVE-2025-37936		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. When generating the MSR_IA32_PEBS_ENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU's desired PE
CVE-2025-37933		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is un
CVE-2025-37927		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn
CVE-2025-37923		—	< 1-150600.13.6.4	1-150600.13.6.4	May 20, 2025	In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/tr

CVE-2025-38003Jun 8, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: can: bcm: add missing rcu read protection for procfs content When the procfs content is generated for a bcm_op which is in the process to be removed the procfs output might show unreliable data (UAF). As the r
CVE-2025-38001Jun 6, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed,
CVE-2025-38000Jun 6, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and
CVE-2025-37998May 29, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: openvswitch: Fix unsafe attribute parsing in output_userspace() This patch replaces the manual Netlink attribute iteration in output_userspace() with nla_for_each_nested(), which ensures that only well-formed a
CVE-2025-37997May 29, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and
CVE-2025-37995May 29, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path
CVE-2025-37994May 29, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix NULL pointer access This patch ensures that the UCSI driver waits for all pending tasks in the ucsi_displayport_work workqueue to finish executing before proceeding with the p
CVE-2025-37992May 26, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: net_sched: Flush gso_skb list too during ->change() Previously, when reducing a qdisc's limit via the ->change() operation, only the main skb queue was trimmed, potentially leaving packets in the gso_skb list.
CVE-2025-37968MedMay 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: iio: light: opt3001: fix deadlock due to concurrent flag access The threaded IRQ function in this driver is reading the flag twice: once to lock a mutex and once to unlock it. Even though the code setting the f
CVE-2025-37987May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: pds_core: Prevent possible adminq overflow/stuck condition The pds_core's adminq is protected by the adminq_lock, which prevents more than 1 command to be posted onto it at any one time. This makes it so the cl
CVE-2025-37973May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix out-of-bounds access during multi-link element defragmentation Currently during the multi-link element defragmentation process, the multi-link element length added to the total IEs length wh
CVE-2025-37967May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: usb: typec: ucsi: displayport: Fix deadlock This patch introduces the ucsi_con_mutex_lock / ucsi_con_mutex_unlock functions to the UCSI driver. ucsi_con_mutex_lock ensures the connector mutex is only locked if
CVE-2025-37945MedMay 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: net: phy: allow MDIO bus PM ops to start/stop state machine for phylink-controlled PHY DSA has 2 kinds of drivers: 1. Those who call dsa_switch_suspend() and dsa_switch_resume() from their device PM ops: qc
CVE-2025-37961May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix uninit-value for saddr in do_output_route4 syzbot reports for uninit-value for the saddr argument [1]. commit 4754957f04f5 ("ipvs: do not use random local source address for tunnels") already implies
CVE-2025-37946May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix duplicate pci_dev_put() in disable_slot() when PF has child VFs With commit bcb5d6c76903 ("s390/pci: introduce lock to synchronize state of zpci_dev's") the code to ignore power off of a PF that h
CVE-2025-37938May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: tracing: Verify event formats that have "%*p.." The trace event verifier checks the formats of trace events to make sure that they do not point at memory that is not in the trace event itself or in data that wi
CVE-2025-37936May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: perf/x86/intel: KVM: Mask PEBS_ENABLE loaded for guest with vCPU's value. When generating the MSR_IA32_PEBS_ENABLE value that will be loaded on VM-Entry to a KVM guest, mask the value with the vCPU's desired PE
CVE-2025-37933May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Fix host hang issue during device reboot When the host loses heartbeat messages from the device, the driver calls the device-specific ndo_stop function, which frees the resources. If the driver is un
CVE-2025-37927May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix potential buffer overflow in parse_ivrs_acpihid There is a string parsing logic error which can lead to an overflow of hid or uid buffers. Comparing ACPIID_LEN against a total string length doesn
CVE-2025-37923May 20, 2025
affected < 1-150600.13.6.4fixed 1-150600.13.6.4
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix oob write in trace_seq_to_buffer() syzbot reported this bug: ================================================================== BUG: KASAN: slab-out-of-bounds in trace_seq_to_buffer kernel/trace/tr

Page 5 of 8