rpm package

suse/kernel-livepatch-SLE15-SP7-RT_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP7

pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7

Vulnerabilities (161)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-22033		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup() do_alignment_t32_to_handler() only fixes up alignment faults for specific instructions; it returns NULL otherwise (e.g. LDREX). When that's the case, signal
CVE-2025-22030		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_l
CVE-2025-22027		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer de
CVE-2025-22025		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is
CVE-2024-58095		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoi
CVE-2024-58094		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call s
CVE-2024-58093		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the l
CVE-2023-53034		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switcht
CVE-2025-22021		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any).
CVE-2025-22018		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 16, 2025	In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situ
CVE-2025-21964		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21963		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21962		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted fr
CVE-2025-21929		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The f
CVE-2025-21919		—	< 1-150700.1.3.1	1-150700.1.3.1	Apr 1, 2025	In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, ma
CVE-2025-21853		—	< 1-150700.1.3.1	1-150700.1.3.1	Mar 12, 2025	In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this mea
CVE-2025-21852		—	< 1-150700.1.3.1	1-150700.1.3.1	Mar 12, 2025	In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: ad
CVE-2024-58070		—	< 1-150700.1.3.1	1-150700.1.3.1	Mar 6, 2025	In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible context. bpf_mem_alloc must be used in PREEMPT_RT. This patch is to enforce
CVE-2025-21814	Med	5.5	< 1-150700.1.3.1	1-150700.1.3.1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affecte
CVE-2025-21787	Med	5.5	< 1-150700.1.3.1	1-150700.1.3.1	Feb 27, 2025	In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inli

CVE-2025-22033Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: arm64: Don't call NULL in do_compat_alignment_fixup() do_alignment_t32_to_handler() only fixes up alignment faults for specific instructions; it returns NULL otherwise (e.g. LDREX). When that's the case, signal
CVE-2025-22030Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix crypto_free_acomp() deadlock in zswap_cpu_comp_dead() Currently, zswap_cpu_comp_dead() calls crypto_free_acomp() while holding the per-CPU acomp_ctx mutex. crypto_free_acomp() then holds scomp_l
CVE-2025-22027Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: media: streamzap: fix race between device disconnection and urb callback Syzkaller has reported a general protection fault at function ir_raw_event_store_with_filter(). This crash is caused by a NULL pointer de
CVE-2025-22025Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: put dl_stid if fail to queue dl_recall Before calling nfsd4_run_cb to queue dl_recall to the callback_wq, we increment the reference count of dl_stid. We expect that after the corresponding work_struct is
CVE-2024-58095Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before txBeginAnon() call Added a read-only check before calling `txBeginAnon` in `extAlloc` and `extRecord`. This prevents modification attempts on a read-only mounted filesystem, avoi
CVE-2024-58094Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: jfs: add check read-only before truncation in jfs_truncate_nolock() Added a check for "read-only" mode in the `jfs_truncate_nolock` function to avoid errors related to writing to a read-only filesystem. Call s
CVE-2024-58093Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: PCI/ASPM: Fix link state exit during switch upstream function removal Before 456d8aa37d0f ("PCI/ASPM: Disable ASPM on MFD function removal to avoid use-after-free"), we would free the ASPM link only after the l
CVE-2023-53034Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ntb_hw_switchtec: Fix shift-out-of-bounds in switchtec_ntb_mw_set_trans There is a kernel API ntb_mw_clear_trans() would pass 0 to both addr and size. This would make xlate_pos negative. [ 23.734156] switcht
CVE-2025-22021Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: socket: Lookup orig tuple for IPv6 SNAT nf_sk_lookup_slow_v4 does the conntrack lookup for IPv4 packets to restore the original 5-tuple in case of SNAT, to be able to find the right socket (if any).
CVE-2025-22018Apr 16, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: atm: Fix NULL pointer dereference When MPOA_cache_impos_rcvd() receives the msg, it can trigger Null Pointer Dereference Vulnerability if both entry and holding_time are NULL. Because there is only for the situ
CVE-2025-21964Apr 1, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21963Apr 1, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acdirmax mount option User-provided mount parameter acdirmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from s
CVE-2025-21962Apr 1, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing closetimeo mount option User-provided mount parameter closetimeo of type u32 is intended to have an upper limit, but before it is validated, the value is converted fr
CVE-2025-21929Apr 1, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fix use-after-free issue in hid_ishtp_cl_remove() During the `rmmod` operation for the `intel_ishtp_hid` driver, a use-after-free issue can occur in the hid_ishtp_cl_remove() function. The f
CVE-2025-21919Apr 1, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix potential memory corruption in child_cfs_rq_on_list child_cfs_rq_on_list attempts to convert a 'prev' pointer to a cfs_rq. This 'prev' pointer can originate from struct rq's leaf_cfs_rq_list, ma
CVE-2025-21853Mar 12, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: avoid holding freeze_mutex during mmap operation We use map->freeze_mutex to prevent races between map_freeze() and memory mapping BPF map contents with writable permissions. The way we naively do this mea
CVE-2025-21852Mar 12, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: net: Add rx_skb of kfree_skb to raw_tp_null_args[]. Yan Zhai reported a BPF prog could trigger a null-ptr-deref [0] in trace_kfree_skb if the prog does not check if rx_sk is NULL. Commit c53795d48ee8 ("net: ad
CVE-2024-58070Mar 6, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: bpf_local_storage: Always use bpf_mem_alloc in PREEMPT_RT In PREEMPT_RT, kmalloc(GFP_ATOMIC) is still not safe in non preemptible context. bpf_mem_alloc must be used in PREEMPT_RT. This patch is to enforce
CVE-2025-21814MedFeb 27, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ptp: Ensure info->enable callback is always set The ioctl and sysfs handlers unconditionally call the ->enable callback. Not all drivers implement that callback, leading to NULL dereferences. Example of affecte
CVE-2025-21787MedFeb 27, 2025
affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: team: better TEAM_OPTION_TYPE_STRING validation syzbot reported following splat [1] Make sure user-provided data contains one nul byte. [1] BUG: KMSAN: uninit-value in string_nocheck lib/vsprintf.c:633 [inli

Page 7 of 9