VYPR

rpm package

suse/kernel-livepatch-SLE15-SP7-RT_Update_3&distro=SUSE Linux Enterprise Live Patching 15 SP7

pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_3&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7

Vulnerabilities (270)

  • CVE-2025-40204Nov 12, 2025
    affected < 5-150700.2.1fixed 5-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

  • CVE-2025-40186Nov 12, 2025
    affected < 6-150700.2.1fixed 6-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: Don't call reqsk_fastopen_remove() in tcp_conn_request(). syzbot reported the splat below in tcp_conn_request(). [0] If a listener is close()d while a TFO socket is being processed in tcp_conn_request(),

  • CVE-2025-40129Nov 12, 2025
    affected < 6-150700.2.1fixed 6-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix null pointer dereference on zero-length checksum In xdr_stream_decode_opaque_auth(), zero-length checksum.len causes checksum.data to be set to NULL. This triggers a NPD when accessing checksum.data

  • CVE-2023-53676Oct 7, 2025
    affected < 5-150700.2.1fixed 5-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsi: Fix buffer overflow in lio_target_nacl_info_show() The function lio_target_nacl_info_show() uses sprintf() in a loop to print details for every iSCSI connection in a session without checkin

  • CVE-2025-39742MedSep 11, 2025
    affected < 6-150700.2.1fixed 6-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA: hfi1: fix possible divide-by-zero in find_hw_thread_mask() The function divides number of online CPUs by num_core_siblings, and later checks the divider by zero. This implies a possibility to get and divi

  • CVE-2025-39682HigSep 5, 2025
    affected < 5-150700.2.1fixed 5-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type

  • CVE-2025-38678Sep 3, 2025
    affected < 2-150700.2.1fixed 2-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo

  • CVE-2025-38664Aug 22, 2025
    affected < 3-150700.2.1fixed 3-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

  • CVE-2025-38618Aug 22, 2025
    affected < 3-150700.2.1fixed 3-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac

  • CVE-2025-38608Aug 19, 2025
    affected < 5-150700.2.1fixed 5-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len

  • CVE-2025-38566Aug 19, 2025
    affected < 2-150700.2.1fixed 2-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen

  • CVE-2025-38499MedAug 11, 2025
    affected < 2-150700.2.1fixed 2-150700.2.1

    In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be

  • CVE-2025-38498MedJul 30, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w

  • CVE-2025-38477MedJul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: Fix race condition on qfq_aggregate A race condition can occur when 'agg' is modified in qfq_change_agg (called during qfq_enqueue) while other threads access it concurrently. For example, q

  • CVE-2025-38471HigJul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: tls: always refresh the queue when reading sock After recent changes in net-next TCP compacts skbs much more aggressively. This unearthed a bug in TLS where we may try to operate on an old skb when checking if

  • CVE-2025-38470MedJul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix VLAN 0 refcount imbalance of toggling filtering during runtime Assuming the "rx-vlan-filter" feature is enabled on a net device, the 8021q module will automatically add or remove VLAN 0 when the

  • CVE-2025-38468MedJul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Return NULL when htb_lookup_leaf encounters an empty rbtree htb_lookup_leaf has a BUG_ON that can trigger with the following: tc qdisc del dev lo root tc qdisc add dev lo root handle 1: htb default

  • CVE-2025-38497Jul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Fix OOB read on empty string write When writing an empty string to either 'qw_sign' or 'landingPage' sysfs attributes, the store functions attempt to access page[l - 1] before validating

  • CVE-2025-38496Jul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: dm-bufio: fix sched in atomic context If "try_verify_in_tasklet" is set for dm-verity, DM_BUFIO_CLIENT_NO_SLEEP is enabled for dm-bufio. However, when bufio tries to evict buffers, there is a chance to trigger

  • CVE-2025-38495Jul 28, 2025
    affected < 1-150700.1.5.1fixed 1-150700.1.5.1

    In the Linux kernel, the following vulnerability has been resolved: HID: core: ensure the allocated report buffer can contain the reserved report ID When the report ID is not used, the low level transport drivers expect the first byte to be 0. However, currently the allocated b

Page 1 of 14