rpm package
suse/kernel-livepatch-SLE15-SP6_Update_19&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (343)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40284 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT remo | ||
| CVE-2025-40283 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will free t | ||
| CVE-2025-40282 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local header for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW Add mis | ||
| CVE-2025-40280 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_mon_reinit_self() iterate | ||
| CVE-2025-40277 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds acc | ||
| CVE-2025-40275 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd In snd_usb_create_streams(), for UAC version 3 devices, the Interface Association Descriptor (IAD) is retrieved via usb_ifnum_to_if() | ||
| CVE-2025-40273 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4_free_ol_stateid() Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4_laundromat if the stateid hasn't been used in a lease | ||
| CVE-2025-40272 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as n | ||
| CVE-2025-40269 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz | ||
| CVE-2025-40263 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access | ||
| CVE-2025-40262 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_a | ||
| CVE-2025-40258 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i | ||
| CVE-2025-40256 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added In commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x"), I missed the case where state creation fails between f | ||
| CVE-2025-40244 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x | ||
| CVE-2025-40242 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may stil | ||
| CVE-2025-40233 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This trigg | ||
| CVE-2025-40223 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the l | ||
| CVE-2025-40220 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor | ||
| CVE-2025-40219 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_ | ||
| CVE-2025-40215 | — | < 1-150600.13.3.1 | 1-150600.13.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a |
- CVE-2025-40284Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT remo
- CVE-2025-40283Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: reorder cleanup in btusb_disconnect to avoid UAF There is a KASAN: slab-use-after-free read in btusb_disconnect(). Calling "usb_driver_release_interface(&btusb_driver, data->intf)" will free t
- CVE-2025-40282Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: 6lowpan: reset link-local header on ipv6 recv path Bluetooth 6lowpan.c netdev has header_ops, so it must set link-local header for RX skb, otherwise things crash, eg. with AF_PACKET SOCK_RAW Add mis
- CVE-2025-40280Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_mon_reinit_self(). syzbot reported use-after-free of tipc_net(net)->monitors[] in tipc_mon_reinit_self(). [0] The array is protected by RTNL, but tipc_mon_reinit_self() iterate
- CVE-2025-40277Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate command header size against SVGA_CMD_MAX_DATASIZE This data originates from userspace and is used in buffer offset calculations which could potentially overflow causing an out-of-bounds acc
- CVE-2025-40275Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL pointer dereference in snd_usb_mixer_controls_badd In snd_usb_create_streams(), for UAC version 3 devices, the Interface Association Descriptor (IAD) is retrieved via usb_ifnum_to_if()
- CVE-2025-40273Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4_free_ol_stateid() Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4_laundromat if the stateid hasn't been used in a lease
- CVE-2025-40272Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as n
- CVE-2025-40269Dec 6, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz
- CVE-2025-40263Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access
- CVE-2025-40262Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_a
- CVE-2025-40258Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
- CVE-2025-40256Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added In commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x"), I missed the case where state creation fails between f
- CVE-2025-40244Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x
- CVE-2025-40242Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may stil
- CVE-2025-40233Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This trigg
- CVE-2025-40223Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: most: usb: Fix use-after-free in hdm_disconnect hdm_disconnect() calls most_deregister_interface(), which eventually unregisters the MOST interface device with device_unregister(iface->dev). If that drops the l
- CVE-2025-40220Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I observed a hang when running generic/323 against a fuseblk server. This test opens a file, initiates a lot of AIO writes to that file descriptor
- CVE-2025-40219Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit 05703271c3cd ("PCI/IOV: Add PCI rescan-remove locking when enabling/disabling SR-IOV") tried to fix a race between the VF removal inside sriov_
- CVE-2025-40215Dec 4, 2025affected < 1-150600.13.3.1fixed 1-150600.13.3.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: delete x->tunnel as we delete x The ipcomp fallback tunnels currently get deleted (from the various lists and hashtables) as the last user state that needed that fallback is destroyed (not deleted). If a
Page 16 of 18