rpm package

suse/kernel-livepatch-SLE15-SP6_Update_9&distro=SUSE Linux Enterprise Live Patching 15 SP6

pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6

Vulnerabilities (110)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-52924		—	< 1-150600.13.3.4	1-150600.13.3.4	Feb 5, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo"
CVE-2024-57948	Med	5.5	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardwar
CVE-2025-21681		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_send -> dev_queue_x
CVE-2025-21680		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: arr
CVE-2025-21673		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCP_Server_Info::hostname When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit th
CVE-2025-21668		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DI
CVE-2025-21667		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could l
CVE-2025-21665		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs fi
CVE-2025-21659		—	< 6-150600.2.1	6-150600.2.1	Jan 21, 2025	In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
CVE-2025-21647	Hig	7.1	< 1-150600.13.3.4	1-150600.13.3.4	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2025-21640	Med	5.5	< 1-150600.13.3.4	1-150600.13.3.4	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency:
CVE-2025-21639	Med	5.5	< 1-150600.13.3.4	1-150600.13.3.4	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21638	Med	5.5	< 1-150600.13.3.4	1-150600.13.3.4	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21637		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting
CVE-2025-21636		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsis
CVE-2024-57889		—	< 1-150600.13.3.4	1-150600.13.3.4	Jan 15, 2025	In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context
CVE-2024-56720		—	< 1-150600.13.3.4	1-150600.13.3.4	Dec 29, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.
CVE-2024-56647	Med	5.5	< 1-150600.13.3.4	1-150600.13.3.4	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in:
CVE-2024-56633		—	< 1-150600.13.3.4	1-150600.13.3.4	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Po
CVE-2024-56605		—	< 1-150600.13.3.4	1-150600.13.3.4	Dec 27, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk o

CVE-2023-52924Feb 5, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo"
CVE-2024-57948MedJan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardwar
CVE-2025-21681Jan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix lockup on tx to unregistering netdev with carrier Commit in a fixes tag attempted to fix the issue in the following sequence of calls: do_output -> ovs_vport_send -> dev_queue_x
CVE-2025-21680Jan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: pktgen: Avoid out-of-bounds access in get_imix_entries Passing a sufficient amount of imix entries leads to invalid access to the pkt_dev->imix_entries array because of the incorrect boundary check. UBSAN: arr
CVE-2025-21673Jan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double free of TCP_Server_Info::hostname When shutting down the server in cifs_put_tcp_session(), cifsd thread might be reconnecting to multiple DFS targets before it realizes it should exit th
CVE-2025-21668Jan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8mp-blk-ctrl: add missing loop break condition Currently imx8mp_blk_ctrl_remove() will continue the for loop until an out-of-bounds exception occurs. pstate: 60000005 (nZCv daif -PAN -UAO -TCO -DI
CVE-2025-21667Jan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: iomap: avoid avoid truncating 64-bit offset to 32 bits on 32-bit kernels, iomap_write_delalloc_scan() was inadvertently using a 32-bit position due to folio_next_index() returning an unsigned long. This could l
CVE-2025-21665Jan 31, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: filemap: avoid truncating 64-bit offset to 32 bits On 32-bit kernels, folio_seek_hole_data() was inadvertently truncating a 64-bit value to 32 bits, leading to a possible infinite loop when writing to an xfs fi
CVE-2025-21659Jan 21, 2025
affected < 6-150600.2.1fixed 6-150600.2.1
In the Linux kernel, the following vulnerability has been resolved: netdev: prevent accessing NAPI instances from another namespace The NAPI IDs were not fully exposed to user space prior to the netlink API, so they were never namespaced. The netlink API must ensure that at the
CVE-2025-21647HigJan 19, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2025-21640MedJan 19, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: cookie_hmac_alg: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency:
CVE-2025-21639MedJan 19, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: rto_min/max: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21638MedJan 19, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: auth_enable: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: gett
CVE-2025-21637Jan 19, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: udp_port: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsistency: getting
CVE-2025-21636Jan 19, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: sctp: sysctl: plpmtud_probe_interval: avoid using current->nsproxy As mentioned in a previous commit of this series, using the 'net' structure via 'current' is not recommended for different reasons: - Inconsis
CVE-2024-57889Jan 15, 2025
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mcp23s08: Fix sleeping in atomic context due to regmap locking If a device uses MCP23xxx IO expander to receive IRQs, the following bug can happen: BUG: sleeping function called from invalid context
CVE-2024-56720Dec 29, 2024
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Several fixes to bpf_msg_pop_data Several fixes to bpf_msg_pop_data, 1. In sk_msg_shift_left, we should put_page 2. if (len == 0), return early is better 3. pop the entire sk_msg (last == msg->sg.
CVE-2024-56647MedDec 27, 2024
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in:
CVE-2024-56633Dec 27, 2024
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: Fix the sk_mem_uncharge logic in tcp_bpf_sendmsg The current sk memory accounting logic in __SK_REDIRECT is pre-uncharging tosend bytes, which is either msg->sg.size or a smaller value apply_bytes. Po
CVE-2024-56605Dec 27, 2024
affected < 1-150600.13.3.4fixed 1-150600.13.3.4
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk o

Page 4 of 6