rpm package

suse/kernel-livepatch-SLE15-SP6_Update_17&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (205)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-39902		—	< 1-150600.13.5.1	1-150600.13.5.1	Oct 1, 2025	In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is
CVE-2025-39895		—	< 1-150600.13.5.1	1-150600.13.5.1	Oct 1, 2025	In the Linux kernel, the following vulnerability has been resolved: sched: Fix sched_numa_find_nth_cpu() if mask offline sched_numa_find_nth_cpu() uses a bsearch to look for the 'closest' CPU in sched_domains_numa_masks and given cpus mask. However they might not intersect if a
CVE-2025-39881		—	< 1-150600.13.5.1	1-150600.13.5.1	Sep 23, 2025	In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure Stall Information) monitoring mechanism: BUG: KASAN: slab-use-after-free in psi_tr
CVE-2025-39876		—	< 1-150600.13.5.1	1-150600.13.5.1	Sep 23, 2025	In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.
CVE-2025-39866	Hig	7.8	< 1-150600.13.5.1	1-150600.13.5.1	Sep 19, 2025	In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r
CVE-2025-39841	Hig	7.8	< 1-150600.13.5.1	1-150600.13.5.1	Sep 19, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t
CVE-2025-39851		—	< 1-150600.13.5.1	1-150600.13.5.1	Sep 19, 2025	In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learnin
CVE-2025-39828	Hig	7.8	< 1-150600.13.5.1	1-150600.13.5.1	Sep 16, 2025	In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called
CVE-2025-39813	Med	4.7	< 1-150600.13.5.1	1-150600.13.5.1	Sep 16, 2025	In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race co
CVE-2025-39812	Med	5.5	< 1-150600.13.5.1	1-150600.13.5.1	Sep 16, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and sin6_flowinfo. BUG: KMSAN: uninit-value i
CVE-2025-39794	Med	5.5	< 1-150600.13.5.1	1-150600.13.5.1	Sep 12, 2025	In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy.
CVE-2025-39797		—	< 1-150600.13.5.1	1-150600.13.5.1	Sep 12, 2025	In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is expected to ensure uniquen
CVE-2025-39756	Med	5.5	< 1-150600.13.5.1	1-150600.13.5.1	Sep 11, 2025	In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the
CVE-2025-39702	Hig	7.0	< 1-150600.13.5.1	1-150600.13.5.1	Sep 5, 2025	In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
CVE-2025-39697	Med	4.7	< 1-150600.13.5.1	1-150600.13.5.1	Sep 5, 2025	In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succ
CVE-2025-39683	Hig	7.1	< 1-150600.13.5.1	1-150600.13.5.1	Sep 5, 2025	In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: s
CVE-2025-39676	Med	5.5	< 1-150600.13.5.1	1-150600.13.5.1	Sep 5, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error point
CVE-2025-39673	Med	4.7	< 1-150600.13.5.1	1-150600.13.5.1	Sep 5, 2025	In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held
CVE-2025-38700	Med	5.5	< 1-150600.13.5.1	1-150600.13.5.1	Sep 4, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized
CVE-2025-38699	Hig	7.8	< 1-150600.13.5.1	1-150600.13.5.1	Sep 4, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation

CVE-2025-39902Oct 1, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: mm/slub: avoid accessing metadata when pointer is invalid in object_err() object_err() reports details of an object for further debugging, such as the freelist pointer, redzone, etc. However, if the pointer is
CVE-2025-39895Oct 1, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: sched: Fix sched_numa_find_nth_cpu() if mask offline sched_numa_find_nth_cpu() uses a bsearch to look for the 'closest' CPU in sched_domains_numa_masks and given cpus mask. However they might not intersect if a
CVE-2025-39881Sep 23, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: kernfs: Fix UAF in polling when open file is released A use-after-free (UAF) vulnerability was identified in the PSI (Pressure Stall Information) monitoring mechanism: BUG: KASAN: slab-use-after-free in psi_tr
CVE-2025-39876Sep 23, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable() The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.
CVE-2025-39866HigSep 19, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r
CVE-2025-39841HigSep 19, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t
CVE-2025-39851Sep 19, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: vxlan: Fix NPD when refreshing an FDB entry with a nexthop object VXLAN FDB entries can point to either a remote destination or an FDB nexthop group. The latter is usually used in EVPN deployments where learnin
CVE-2025-39828HigSep 16, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Prevent arbitrary write in atmtcp_recv_control(). syzbot reported the splat below. [0] When atmtcp_v_open() or atmtcp_v_close() is called via connect() or close(), atmtcp_send_control() is called
CVE-2025-39813MedSep 16, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix potential warning in trace_printk_seq during ftrace_dump When calling ftrace_dump_one() concurrently with reading trace_pipe, a WARN_ON_ONCE() in trace_printk_seq() can be triggered due to a race co
CVE-2025-39812MedSep 16, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: sctp: initialize more fields in sctp_v6_from_sk() syzbot found that sin6_scope_id was not properly initialized, leading to undefined behavior. Clear sin6_scope_id and sin6_flowinfo. BUG: KMSAN: uninit-value i
CVE-2025-39794MedSep 12, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ARM: tegra: Use I/O memcpy to write to IRAM Kasan crashes the kernel trying to check boundaries when using the normal memcpy.
CVE-2025-39797Sep 12, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: Duplicate SPI Handling The issue originates when Strongswan initiates an XFRM_MSG_ALLOCSPI Netlink message, which triggers the kernel function xfrm_alloc_spi(). This function is expected to ensure uniquen
CVE-2025-39756MedSep 11, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: fs: Prevent file descriptor table allocations exceeding INT_MAX When sysctl_nr_open is set to a very high value (for example, 1073741816 as set by systemd), processes attempting to use file descriptors near the
CVE-2025-39702HigSep 5, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
CVE-2025-39697MedSep 5, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succ
CVE-2025-39683HigSep 5, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: s
CVE-2025-39676MedSep 5, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error point
CVE-2025-39673MedSep 5, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held
CVE-2025-38700MedSep 4, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized
CVE-2025-38699HigSep 4, 2025
affected < 1-150600.13.5.1fixed 1-150600.13.5.1
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation

Page 10 of 11