rpm package
suse/kernel-livepatch-SLE15-SP6_Update_18&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_18&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (77)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23268 | Hig | 7.8 | < 4-150600.2.1 | 4-150600.2.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by | |
| CVE-2026-23209 | Hig | 7.8 | < 3-150600.2.1 | 3-150600.2.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l | |
| CVE-2026-23111 | Hig | 7.8 | < 3-150600.2.1 | 3-150600.2.1 | Feb 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate() | |
| CVE-2026-23074 | Hig | 7.8 | < 3-150600.2.1 | 3-150600.2.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will desc | |
| CVE-2026-22999 | Hig | 7.8 | < 3-150600.2.1 | 3-150600.2.1 | Jan 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF. | |
| CVE-2025-71120 | — | < 3-150600.2.1 | 3-150600.2.1 | Jan 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres | ||
| CVE-2025-68813 | — | < 2-150600.2.1 | 2-150600.2.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_ | ||
| CVE-2025-71085 | — | < 2-150600.2.1 | 2-150600.2.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t | ||
| CVE-2025-68285 | — | < 2-150600.2.1 | 2-150600.2.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both | ||
| CVE-2025-68284 | — | < 2-150600.2.1 | 2-150600.2.1 | Dec 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes wh | ||
| CVE-2025-40297 | — | < 2-150600.2.1 | 2-150600.2.1 | Dec 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being del | ||
| CVE-2025-40258 | — | < 2-150600.2.1 | 2-150600.2.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i | ||
| CVE-2025-40207 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does not check the returned value. I | ||
| CVE-2025-40206 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit | ||
| CVE-2025-40205 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh), the function only retu | ||
| CVE-2025-40204 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this. | ||
| CVE-2025-40200 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system retur | ||
| CVE-2025-40198 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount | ||
| CVE-2025-40194 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request() | ||
| CVE-2025-40188 | — | < 1-150600.13.3.3 | 1-150600.13.3.3 | Nov 12, 2025 | In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kern |
- affected < 4-150600.2.1fixed 4-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by
- affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l
- affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate()
- affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will desc
- affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.
- CVE-2025-71120Jan 14, 2026affected < 3-150600.2.1fixed 3-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres
- CVE-2025-68813Jan 13, 2026affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_
- CVE-2025-71085Jan 13, 2026affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t
- CVE-2025-68285Dec 16, 2025affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both
- CVE-2025-68284Dec 16, 2025affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes wh
- CVE-2025-40297Dec 8, 2025affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being del
- CVE-2025-40258Dec 4, 2025affected < 2-150600.2.1fixed 2-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
- CVE-2025-40207Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-subdev: Fix alloc failure check in v4l2_subdev_call_state_try() v4l2_subdev_call_state_try() macro allocates a subdev state with __v4l2_subdev_state_alloc(), but does not check the returned value. I
- CVE-2025-40206Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_objref: validate objref and objrefmap expressions Referencing a synproxy stateful object from OUTPUT hook causes kernel crash due to infinite recursive calls: BUG: TASK stack guard page was hit
- CVE-2025-40205Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid potential out-of-bounds in btrfs_encode_fh() The function btrfs_encode_fh() does not properly account for the three cases it handles. Before writing to the file handle (fh), the function only retu
- CVE-2025-40204Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.
- CVE-2025-40200Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: Squashfs: reject negative file sizes in squashfs_read_inode() Syskaller reports a "WARNING in ovl_copy_up_file" in overlayfs. This warning is ultimately caused because the underlying Squashfs file system retur
- CVE-2025-40198Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid potential buffer over-read in parse_apply_sb_mount_options() Unlike other strings in the ext4 superblock, we rely on tune2fs to make sure s_mount_opts is NUL terminated. Harden parse_apply_sb_mount
- CVE-2025-40194Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: cpufreq: intel_pstate: Fix object lifecycle issue in update_qos_request() The cpufreq_cpu_put() call in update_qos_request() takes place too early because the latter subsequently calls freq_qos_update_request()
- CVE-2025-40188Nov 12, 2025affected < 1-150600.13.3.3fixed 1-150600.13.3.3
In the Linux kernel, the following vulnerability has been resolved: pwm: berlin: Fix wrong register in suspend/resume The 'enable' register should be BERLIN_PWM_EN rather than BERLIN_PWM_ENABLE, otherwise, the driver accesses wrong address, there will be cpu exception then kern
Page 1 of 4