rpm package
suse/kernel-livepatch-SLE15-SP7-RT_Update_4&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (111)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38624 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notif | ||
| CVE-2025-38621 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm: kworker/2:1 | ||
| CVE-2025-38618 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac | ||
| CVE-2025-38617 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a | ||
| CVE-2025-38616 | — | < 4-150700.2.1 | 4-150700.2.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was i | ||
| CVE-2024-58239 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list c | ||
| CVE-2025-38612 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is n | ||
| CVE-2025-38610 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impo | ||
| CVE-2025-38609 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it. But | ||
| CVE-2025-38608 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len | ||
| CVE-2025-38605 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could | ||
| CVE-2025-38604 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed sk | ||
| CVE-2025-38602 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer. | ||
| CVE-2025-38601 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath1 | ||
| CVE-2025-38591 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at of | ||
| CVE-2025-38588 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_sibling | ||
| CVE-2025-38587 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() | ||
| CVE-2025-38585 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine t | ||
| CVE-2025-38583 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle | ||
| CVE-2025-38582 | — | < 1-150700.1.3.2 | 1-150700.1.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init(). |
- CVE-2025-38624Aug 22, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notif
- CVE-2025-38621Aug 22, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: md: make rdev_addable usable for rcu mode Our testcase trigger panic: BUG: kernel NULL pointer dereference, address: 00000000000000e0 ... Oops: Oops: 0000 [#1] SMP NOPTI CPU: 2 UID: 0 PID: 85 Comm: kworker/2:1
- CVE-2025-38618Aug 22, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac
- CVE-2025-38617Aug 22, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a
- CVE-2025-38616Aug 22, 2025affected < 4-150700.2.1fixed 4-150700.2.1
In the Linux kernel, the following vulnerability has been resolved: tls: handle data disappearing from under the TLS ULP TLS expects that it owns the receive queue of the TCP socket. This cannot be guaranteed in case the reader of the TCP socket entered before the TLS ULP was i
- CVE-2024-58239Aug 22, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list c
- CVE-2025-38612Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: staging: fbtft: fix potential memory leak in fbtft_framebuffer_alloc() In the error paths after fb_info structure is successfully allocated, the memory allocated in fb_deferred_io_init() for info->pagerefs is n
- CVE-2025-38610Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: powercap: dtpm_cpu: Fix NULL pointer dereference in get_pd_power_uw() The get_pd_power_uw() function can crash with a NULL pointer dereference when em_cpu_get() returns NULL. This occurs when a CPU becomes impo
- CVE-2025-38609Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Check governor before using governor->name Commit 96ffcdf239de ("PM / devfreq: Remove redundant governor_name from struct devfreq") removes governor_name and uses governor->name to replace it. But
- CVE-2025-38608Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len
- CVE-2025-38605Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Pass ab pointer directly to ath12k_dp_tx_get_encap_type() In ath12k_dp_tx_get_encap_type(), the arvif parameter is only used to retrieve the ab pointer. In vdev delete sequence the arvif->ar could
- CVE-2025-38604Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: Kill URBs before clearing tx status queue In rtl8187_stop() move the call of usb_kill_anchored_urbs() before clearing b_tx_status.queue. This change prevents callbacks from using already freed sk
- CVE-2025-38602Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: Add missing check for alloc_ordered_workqueue Add check for the return value of alloc_ordered_workqueue since it may return NULL pointer.
- CVE-2025-38601Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: clear initialized flag for deinit-ed srng lists In a number of cases we see kernel panics on resume due to ath11k kernel page fault, which happens under the following circumstances: 1) First ath1
- CVE-2025-38591Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject narrower access to pointer ctx fields The following BPF program, simplified from a syzkaller repro, causes a kernel warning: r0 = *(u8 *)(r1 + 169); exit; With pointer field sk being at of
- CVE-2025-38588Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent infinite loop in rt6_nlmsg_size() While testing prior patch, I was able to trigger an infinite loop in rt6_nlmsg_size() in the following place: list_for_each_entry_rcu(sibling, &f6i->fib6_sibling
- CVE-2025-38587Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev() fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route()
- CVE-2025-38585Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: staging: media: atomisp: Fix stack buffer overflow in gmin_get_var_int() When gmin_get_config_var() calls efi.get_variable() and the EFI variable is larger than the expected buffer size, two behaviors combine t
- CVE-2025-38583Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: clk: xilinx: vcu: unregister pll_post only if registered correctly If registration of pll_post is failed, it will be set to NULL or ERR, unregistering same will fail with following call trace: Unable to handle
- CVE-2025-38582Aug 19, 2025affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix double destruction of rsv_qp rsv_qp may be double destroyed in error flow, first in free_mr_init(), and then in hns_roce_exit(). Fix it by moving the free_mr_init() call into hns_roce_v2_init().
Page 2 of 6