rpm package
suse/kernel-livepatch-SLE15-SP7-RT_Update_11&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_11&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (40)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-71268 | Med | 5.5 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup dat | |
| CVE-2026-23259 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end | ||
| CVE-2026-23243 | Hig | 7.8 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len | |
| CVE-2026-23242 | Hig | 7.5 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp- | |
| CVE-2026-23231 | Hig | 7.8 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Mar 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg | |
| CVE-2025-71231 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empt | ||
| CVE-2026-23216 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked | ||
| CVE-2026-23215 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: supervisor write access in kernel mode #PF: error_code(0x000 | ||
| CVE-2026-23193 | Hig | 8.8 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti | |
| CVE-2026-23201 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree() in parse_longname() This fixes a kernel oops when reading ceph snapshot directories (.snap), for example by simply running `ls /mnt/my_ceph/.snap`. The variabl | ||
| CVE-2026-23187 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove(). | ||
| CVE-2026-23136 | Hig | 7.5 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply | |
| CVE-2026-23140 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take t | ||
| CVE-2026-23120 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 14, 2026 | In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work / | ||
| CVE-2026-23103 | Hig | 7.8 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so | |
| CVE-2026-23047 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determin | ||
| CVE-2026-23030 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with | ||
| CVE-2025-68794 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Jan 13, 2026 | In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in th | ||
| CVE-2025-39998 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in | ||
| CVE-2024-38542 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow. |
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix reservation leak in some error paths when inserting inline extent If we fail to allocate a path or join a transaction, we return from __cow_file_range_inline() without freeing the reserved qgroup dat
- CVE-2026-23259Mar 18, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/umad: Reject negative data_len in ib_umad_write ib_umad_write computes data_len from user-controlled count and the MAD header sizes. With a mismatched user MAD header size and RMPP header length, data_len
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Fix potential NULL pointer dereference in header processing If siw_get_hdr() returns -EINVAL before set_rx_fpdu_context(), qp->rx_fpdu can be NULL. The error path in siw_tcp_rx_data() dereferences qp-
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nf_tables_addchain() nf_tables_addchain() publishes the chain to table->chains via list_add_tail_rcu() (in nft_chain_add()) before registering hooks. If nf_tables_reg
- CVE-2025-71231Feb 18, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: crypto: iaa - Fix out-of-bounds index in find_empty_iaa_compression_mode The local variable 'i' is initialized with -EINVAL, but the for loop immediately overwrites it and -EINVAL is never returned. If no empt
- CVE-2026-23216Feb 18, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_conn_usage_count() In iscsit_dec_conn_usage_count(), the function calls complete() while holding the conn->conn_usage_lock. As soon as complete() is invoked
- CVE-2026-23215Feb 18, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: x86/vmware: Fix hypercall clobbers Fedora QA reported the following panic: BUG: unable to handle page fault for address: 0000000040003e54 #PF: supervisor write access in kernel mode #PF: error_code(0x000
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix use-after-free in iscsit_dec_session_usage_count() In iscsit_dec_session_usage_count(), the function calls complete() while holding the sess->session_usage_lock. Similar to the connecti
- CVE-2026-23201Feb 14, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix oops due to invalid pointer for kfree() in parse_longname() This fixes a kernel oops when reading ceph snapshot directories (.snap), for example by simply running `ls /mnt/my_ceph/.snap`. The variabl
- CVE-2026-23187Feb 14, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: pmdomain: imx8m-blk-ctrl: fix out-of-range access of bc->domains Fix out-of-range access of bc->domains in imx8m_blk_ctrl_remove().
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: libceph: reset sparse-read state in osd_fault() When a fault occurs, the connection is abandoned, reestablished, and any pending operations are retried. The OSD client tracks the progress of a sparse-read reply
- CVE-2026-23140Feb 14, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Subtract size of xdp_frame from allowed metadata size The xdp_frame structure takes up part of the XDP frame headroom, limiting the size of the metadata. However, in bpf_test_run, we don't take t
- CVE-2026-23120Feb 14, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: l2tp: avoid one data-race in l2tp_tunnel_del_work() We should read sk->sk_socket only when dealing with kernel sockets. syzbot reported the following data-race: BUG: KCSAN: data-race in l2tp_tunnel_del_work /
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Make the addrs_lock be per port Make the addrs_lock be per port, not per ipvlan dev. Initial code seems to be written in the assumption, that any address change must occur under RTNL. But it is not so
- CVE-2026-23047Feb 4, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determin
- CVE-2026-23030Jan 31, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with
- CVE-2025-68794Jan 13, 2026affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in th
- CVE-2025-39998Oct 15, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer overflow A buffer overflow arises from the usage of snprintf to write into the buffer "buf" in target_lu_gp_members_show function located in
- CVE-2024-38542Jun 19, 2024affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mana_ib: boundary check before installing cq callbacks Add a boundary check inside mana_ib_install_cq_cb to prevent index overflow.
Page 2 of 2