VYPR

rpm package

suse/kernel-livepatch-SLE15-SP6_Update_14&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (264)

  • CVE-2025-38259Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd9335: Fix missing free of regulator supplies Driver gets and enables all regulator supplies in probe path (wcd9335_parse_dt() and wcd9335_power_on_reset()), but does not cleanup in final error

  • CVE-2025-38257Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Prevent overflow in size calculation for memdup_user() Number of apqn target list entries contained in 'nr_apqns' variable is determined by userspace via an ioctl call so the result of the product in

  • CVE-2025-38249Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without valid

  • CVE-2025-38248Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: bridge: mcast: Fix use-after-free during router port configuration The bridge maintains a global list of ports behind which a multicast router resides. The list is consulted during forwarding to ensure multicas

  • CVE-2025-38246Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: bnxt: properly flush XDP redirect lists We encountered following crash when testing a XDP_REDIRECT feature in production: [56251.579676] list_add corruption. next->prev should be prev (ffff93120dd40f30), but w

  • CVE-2025-38244Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential deadlock when reconnecting channels Fix cifs_signal_cifsd_for_reconnect() to take the correct lock order and prevent the following deadlock from happening ===========================

  • CVE-2025-38239Jul 9, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix invalid node index On a system with DRAM interleave enabled, out-of-bound access is detected: megaraid_sas 0000:3f:00.0: requested/available msix 128/128 poll_queue 0 ------------[ cut

  • CVE-2024-36357MedJul 8, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data in the L1D cache, potentially resulting in the leakage of sensitive information across privileged boundaries.

  • CVE-2024-36350MedJul 8, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    A transient execution vulnerability in some AMD processors may allow an attacker to infer data from previous stores, potentially resulting in the leakage of privileged information.

  • CVE-2024-36349LowJul 8, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    A transient execution vulnerability in some AMD processors may allow a user process to infer TSC_AUX even when such a read is disabled, potentially resulting in information leakage.

  • CVE-2024-36348LowJul 8, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    A transient execution vulnerability in some AMD processors may allow a user process to infer the control registers speculatively even if UMIP feature is enabled, potentially resulting in information leakage.

  • CVE-2025-38236HigJul 8, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: af_unix: Don't leave consecutive consumed OOB skbs. Jann Horn reported a use-after-free in unix_stream_read_generic(). The following sequences reproduce the issue: $ python3 from socket import * s1, s2

  • CVE-2025-38231MedJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: nfsd: Initialize ssc before laundromat_work to prevent NULL dereference In nfs4_state_start_net(), laundromat_work may access nfsd_ssc through nfs4_laundromat -> nfsd4_ssc_expire_umount. If nfsd_ssc isn't initi

  • CVE-2025-38222MedJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RD

  • CVE-2025-38215MedJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix do_register_framebuffer to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in do_register_framebuffer() fails to allocate memory for fb_videomode, it will later lead to a null-ptr

  • CVE-2025-38214MedJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomod

  • CVE-2025-38212HigJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() i

  • CVE-2025-38198HigJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/

  • CVE-2025-38192MedJul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: net: clear the dst when changing skb protocol A not-so-careful NAT46 BPF program can crash the kernel if it indiscriminately flips ingress packets from v4 to v6: BUG: kernel NULL pointer dereference, address

  • CVE-2025-38229Jul 4, 2025
    affected < 1-150600.13.3.4fixed 1-150600.13.3.4

    In the Linux kernel, the following vulnerability has been resolved: media: cxusb: no longer judge rbuf when the write fails syzbot reported a uninit-value in cxusb_i2c_xfer. [1] Only when the write operation of usb_bulk_msg() in dvb_usb_generic_rw() succeeds and rlen is greate

Page 8 of 14