rpm package
suse/kernel-livepatch-SLE15-SP7-RT_Update_8&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_8&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (410)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40274 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying When unbinding a memslot from a guest_memfd instance, remove the bindings even if the guest_memfd file is dying, i.e. even if its file re | ||
| CVE-2025-40273 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4_free_ol_stateid() Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4_laundromat if the stateid hasn't been used in a lease | ||
| CVE-2025-40272 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as n | ||
| CVE-2025-40271 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EM | ||
| CVE-2025-40269 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz | ||
| CVE-2025-40268 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3_fs_context_parse_param The user calls fsconfig twice, but when the program exits, free() only frees ctx->source for the second fsconfig, not the first. Regarding fc->source | ||
| CVE-2025-40263 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access | ||
| CVE-2025-40262 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_a | ||
| CVE-2025-40258 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i | ||
| CVE-2025-40256 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added In commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x"), I missed the case where state creation fails between f | ||
| CVE-2025-40252 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator a | ||
| CVE-2025-40251 | Med | 5.5 | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_l | |
| CVE-2025-40250 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries to access this, when requ | ||
| CVE-2025-40248 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock | ||
| CVE-2025-40244 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x | ||
| CVE-2025-40242 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may stil | ||
| CVE-2025-40240 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che | ||
| CVE-2025-40233 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This trigg | ||
| CVE-2025-40231 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduc | ||
| CVE-2025-40225 | — | < 1-150700.1.3.1 | 1-150700.1.3.1 | Dec 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap a GPU virtual region (aka drm_gpuva). The VM_BIND |
- CVE-2025-40274Dec 6, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying When unbinding a memslot from a guest_memfd instance, remove the bindings even if the guest_memfd file is dying, i.e. even if its file re
- CVE-2025-40273Dec 6, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: free copynotify stateid in nfs4_free_ol_stateid() Typically copynotify stateid is freed either when parent's stateid is being close/freed or in nfsd4_laundromat if the stateid hasn't been used in a lease
- CVE-2025-40272Dec 6, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as n
- CVE-2025-40271Dec 6, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in proc_readdir_de() Pde is erased from subdir rbtree through rb_erase(), but not set the node to EMPTY, which may result in uaf access. We should use RB_CLEAR_NODE() set the erased node to EM
- CVE-2025-40269Dec 6, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix potential overflow of PCM transfer buffer The PCM stream data in USB-audio driver is transferred over USB URB packet buffers, and each packet size is determined dynamically. The packet siz
- CVE-2025-40268Dec 6, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: cifs: client: fix memory leak in smb3_fs_context_parse_param The user calls fsconfig twice, but when the program exits, free() only frees ctx->source for the second fsconfig, not the first. Regarding fc->source
- CVE-2025-40263Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: Input: cros_ec_keyb - fix an invalid memory access If cros_ec_keyb_register_matrix() isn't called (due to `buttons_switches_only`) in cros_ec_keyb_probe(), `ckdev->idev` remains NULL. An invalid memory access
- CVE-2025-40262Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: Input: imx_sc_key - fix memory corruption on unload This is supposed to be "priv" but we accidentally pass "&priv" which is an address in the stack and so it will lead to memory corruption when the imx_sc_key_a
- CVE-2025-40258Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix race condition in mptcp_schedule_work() syzbot reported use-after-free in mptcp_schedule_work() [1] Issue here is that mptcp_schedule_work() schedules a work, then gets a refcount on sk->sk_refcnt i
- CVE-2025-40256Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: also call xfrm_state_delete_tunnel at destroy time for states that were never added In commit b441cf3f8c4b ("xfrm: delete x->tunnel as we delete x"), I missed the case where state creation fails between f
- CVE-2025-40252Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: net: qlogic/qede: fix potential out-of-bounds read in qede_tpa_cont() and qede_tpa_end() The loops in 'qede_tpa_cont()' and 'qede_tpa_end()', iterate over 'cqe->len_list[]' using only a zero-length terminator a
- affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: devlink: rate: Unset parent pointer in devl_rate_nodes_destroy The function devl_rate_nodes_destroy is documented to "Unset parent for all rate objects". However, it was only calling the driver-specific `rate_l
- CVE-2025-40250Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Clean up only new IRQ glue on request_irq() failure The mlx5_irq_alloc() function can inadvertently free the entire rmap and end up in a crash[1] when the other threads tries to access this, when requ
- CVE-2025-40248Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: vsock: Ignore signal/timeout on connect() if already established During connect(), acting on a signal/timeout by disconnecting an already established socket leads to several issues: 1. connect() invoking vsock
- CVE-2025-40244Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix KMSAN uninit-value issue in __hfsplus_ext_cache_extent() The syzbot reported issue in __hfsplus_ext_cache_extent(): [ 70.194323][ T9350] BUG: KMSAN: uninit-value in __hfsplus_ext_cache_extent+0x
- CVE-2025-40242Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a small window of time in which the DFL_UNMOUNT flag has been set but the lockspace hasn't been released, yet. In that window, dlm may stil
- CVE-2025-40240Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: avoid NULL dereference when chunk data buffer is missing chunk->skb pointer is dereferenced in the if-block where it's supposed to be NULL only. chunk->skb can only be NULL if chunk->head_skb is not. Che
- CVE-2025-40233Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: clear extent cache after moving/defragmenting extents The extent map cache can become stale when extents are moved or defragmented, causing subsequent operations to see outdated extent flags. This trigg
- CVE-2025-40231Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: vsock: fix lock inversion in vsock_assign_transport() Syzbot reported a potential lock inversion deadlock between vsock_register_mutex and sk_lock-AF_VSOCK when vsock_linger() is called. The issue was introduc
- CVE-2025-40225Dec 4, 2025affected < 1-150700.1.3.1fixed 1-150700.1.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Fix kernel panic on partial unmap of a GPU VA region This commit address a kernel panic issue that can happen if Userspace tries to partially unmap a GPU virtual region (aka drm_gpuva). The VM_BIND
Page 19 of 21