VYPR

rpm package

suse/kernel-livepatch-SLE15-SP7-RT_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP7

pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7

Vulnerabilities (167)

  • CVE-2026-46323HigJun 9, 2026
    affected < 18-150700.2.1fixed 18-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: gro: don't merge zcopy skbs skb_gro_receive() can currently copy frags between the source and GRO skb, without checking the zerocopy status, and in particular the SKBFL_MANAGED_FRAG_REFS flag. When SKBFL_

  • CVE-2026-43503HigMay 23, 2026
    affected < 18-150700.2.1fixed 18-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: skbuff: propagate shared-frag marker through frag-transfer helpers Two frag-transfer helpers (__pskb_copy_fclone() and skb_shift()) fail to propagate the SKBFL_SHARED_FRAG bit in skb_shinfo()->flags when m

  • CVE-2026-31694HigMay 1, 2026
    affected < 18-150700.2.1fixed 18-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: fuse: reject oversized dirents in page cache fuse_add_dirent_to_cache() computes a serialized dirent size from the server-controlled namelen field and copies the dirent into a single page-cache page. The existi

  • CVE-2026-31504HigApr 22, 2026
    affected < 18-150700.2.1fixed 18-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: fix fanout UAF in packet_release() via NETDEV_UP race `packet_release()` has a race window where `NETDEV_UP` can re-register a socket into a fanout group's `arr[]` array. The re-registration is not cleaned

  • CVE-2026-31402CriApr 3, 2026
    affected < 18-150700.2.1fixed 18-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix heap overflow in NFSv4.0 LOCK replay cache The NFSv4.0 replay cache uses a fixed 112-byte inline buffer (rp_ibuf[NFSD4_REPLAY_ISIZE]) to store encoded operation responses. This size was calculated bas

  • CVE-2026-23278HigMar 20, 2026
    affected < 18-150700.2.1fixed 18-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part o

  • CVE-2026-23209HigFeb 14, 2026
    affected < 13-150700.2.1fixed 13-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided a nice repro to crash the kernel: ip link add p1 type veth peer p2 ip link set address 00:00:00:00:00:20 dev p1 ip link set up dev p1 ip l

  • CVE-2026-23111HigFeb 13, 2026
    affected < 13-150700.2.1fixed 13-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix inverted genmask check in nft_map_catchall_activate() nft_map_catchall_activate() has an inverted element activity check compared to its non-catchall counterpart nft_mapelem_activate()

  • CVE-2026-23074HigFeb 4, 2026
    affected < 13-150700.2.1fixed 13-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design intent of teql is that it is only supposed to be used as root qdisc. We need to check for that constraint. Although not important, I will desc

  • CVE-2026-22999HigJan 25, 2026
    affected < 13-150700.2.1fixed 13-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.

  • CVE-2025-71120Jan 14, 2026
    affected < 13-150700.2.1fixed 13-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: svcauth_gss: avoid NULL deref on zero length gss_token in gss_read_proxy_verf A zero length gss_token results in pages == 0 and in_token->pages[0] is NULL. The code unconditionally evaluates page_addres

  • CVE-2025-68813Jan 13, 2026
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_

  • CVE-2025-71085Jan 13, 2026
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: BUG() in pskb_expand_head() as part of calipso_skbuff_setattr() There exists a kernel oops caused by a BUG_ON(nhead < 0) at net/core/skbuff.c:2232 in pskb_expand_head(). This bug is triggered as part of t

  • CVE-2025-68285Dec 16, 2025
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The wait loop in __ceph_open_session() can race with the client receiving a new monmap or osdmap shortly after the initial map is received. Both

  • CVE-2025-68284Dec 16, 2025
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds writes in handle_auth_session_key() The len field originates from untrusted network packets. Boundary checks have been added to prevent potential out-of-bounds writes wh

  • CVE-2025-40297Dec 8, 2025
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix use-after-free due to MST port state bypass syzbot reported[1] a use-after-free when deleting an expired fdb. It is due to a race condition between learning still happening and a port being del

  • CVE-2025-40284Dec 6, 2025
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: cancel mesh send timer when hdev removed mesh_send_done timer is not canceled when hdev is removed, which causes crash if the timer triggers after hdev is gone. Cancel the timer when MGMT remo

  • CVE-2025-40258Dec 4, 2025
    affected < 12-150700.2.1fixed 12-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i

  • CVE-2025-40204Nov 12, 2025
    affected < 9-150700.2.1fixed 9-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

  • CVE-2025-40186Nov 12, 2025
    affected < 10-150700.2.1fixed 10-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a listener is close()d while a TFO socket is being processed in tcp_conn_request(),

Page 1 of 9