rpm package

suse/kernel-livepatch-SLE15-SP7-RT_Update_9&distro=SUSE Linux Enterprise Live Patching 15 SP7

pkg:rpm/suse/kernel-livepatch-SLE15-SP7-RT_Update_9&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7

Vulnerabilities (174)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2025-68764	—	< 1-150700.1.3.2	1-150700.1.3.2	Jan 5, 2026	In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag.
CVE-2025-68733	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc
CVE-2025-68728	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the
CVE-2025-68727	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN.
CVE-2025-68379	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The
CVE-2025-68372	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // co
CVE-2025-68367	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ li
CVE-2025-68366	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic
CVE-2025-68363	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0
CVE-2025-68349	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
CVE-2023-54013	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where icc_bw_set() can be called in callbaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to decouple the icc locking. I
CVE-2025-68725	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When
CVE-2025-68365	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 24, 2025	In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __ge
CVE-2025-68337	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 22, 2025	In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: i
CVE-2025-68327	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 22, 2025	In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f
CVE-2025-68325	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 18, 2025	In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that
CVE-2025-68320	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 16, 2025	In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic
CVE-2025-68301	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 16, 2025	In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b
CVE-2025-68297	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 16, 2025	In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secu
CVE-2025-68296	—	< 1-150700.1.3.2	1-150700.1.3.2	Dec 16, 2025	In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races

CVE-2025-68764Jan 5, 2026
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: NFS: Automounted filesystems should inherit ro,noexec,nodev,sync flags When a filesystem is being automounted, it needs to preserve the user-set superblock mount options, such as the "ro" flag.
CVE-2025-68733Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: smack: fix bug: unprivileged task can create labels If an unprivileged task is allowed to relabel itself (/smack/relabel-self is not empty), it can freely create new labels by writing their names into own /proc
CVE-2025-68728Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ntfs3: fix uninit memory after failed mi_read in mi_format_new Fix a KMSAN un-init bug found by syzkaller. ntfs_get_bh() expects a buffer from sb_getblk(), that buffer may not be uptodate. We do not bring the
CVE-2025-68727Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Fix uninit buffer allocated by __getname() Fix uninit errors caused after buffer allocation given to 'de'; by initializing the buffer with zeroes. The fix was found by using KMSAN.
CVE-2025-68379Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix null deref on srq->rq.queue after resize failure A NULL pointer dereference can occur in rxe_srq_chk_attr() when ibv_modify_srq() is invoked twice in succession under certain error conditions. The
CVE-2025-68372Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config put in recv_work There is one uaf issue in recv_work when running NBD_CLEAR_SOCK and NBD_CMD_RECONFIGURE: nbd_genl_connect // conf_ref=2 (connect and recv_work A) nbd_open // co
CVE-2025-68367Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: macintosh/mac_hid: fix race condition in mac_hid_toggle_emumouse The following warning appears when running syzkaller, and this issue also exists in the mainline code. ------------[ cut here ]------------ li
CVE-2025-68366Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: nbd: defer config unlock in nbd_genl_connect There is one use-after-free warning when running NBD_CMD_CONNECT and NBD_CLEAR_SOCK: nbd_genl_connect nbd_alloc_and_init_config // config_refs=1 nbd_start_devic
CVE-2025-68363Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Check skb->transport_header is set in bpf_skb_check_mtu The bpf_skb_check_mtu helper needs to use skb->transport_header when the BPF_MTU_CHK_SEGS flag is used: bpf_skb_check_mtu(skb, ifindex, &mtu_len, 0
CVE-2025-68349Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Clear NFS_INO_LAYOUTCOMMIT in pnfs_mark_layout_stateid_invalid Fixes a crash when layout is null during this call stack: write_inode -> nfs4_write_inode -> pnfs_layoutcommit_inode pnfs
CVE-2023-54013Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: interconnect: Fix locking for runpm vs reclaim For cases where icc_bw_set() can be called in callbaths that could deadlock against shrinker/reclaim, such as runpm resume, we need to decouple the icc locking. I
CVE-2025-68725Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Do not let BPF test infra emit invalid GSO types to stack Yinhao et al. reported that their fuzzer tool was able to trigger a skb_warn_bad_offload() from netif_skb_features() -> gso_features_check(). When
CVE-2025-68365Dec 24, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Initialize allocated memory before use KMSAN reports: Multiple uninitialized values detected: - KMSAN: uninit-value in ntfs_read_hdr (3) - KMSAN: uninit-value in bcmp (3) Memory is allocated by __ge
CVE-2025-68337Dec 22, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: jbd2: avoid bug_on in jbd2_journal_get_create_access() when file system corrupted There's issue when file system corrupted: ------------[ cut here ]------------ kernel BUG at fs/jbd2/transaction.c:1289! Oops: i
CVE-2025-68327Dec 22, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: usb: renesas_usbhs: Fix synchronous external abort on unbind A synchronous external abort occurs on the Renesas RZ/G3S SoC if unbind is executed after the configuration sequence described above: modprobe usb_f
CVE-2025-68325Dec 18, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_cake: Fix incorrect qlen reduction in cake_drop In cake_drop(), qdisc_tree_reduce_backlog() is used to update the qlen and backlog of the qdisc hierarchy. Its caller, cake_enqueue(), assumes that
CVE-2025-68320Dec 16, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: lan966x: Fix sleeping in atomic context The following warning was seen when we try to connect using ssh to the device. BUG: sleeping function called from invalid context at kernel/locking/mutex.c:575 in_atomic
CVE-2025-68301Dec 16, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: fix fragment overflow handling in RX path The atlantic driver can receive packets with more than MAX_SKB_FRAGS (17) fragments when handling large multi-descriptor packets. This causes an out-of-b
CVE-2025-68297Dec 16, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash in process_v2_sparse_read() for encrypted directories The crash in process_v2_sparse_read() for fscrypt-encrypted directories has been reported. Issue takes place for Ceph msgr2 protocol in secu
CVE-2025-68296Dec 16, 2025
affected < 1-150700.1.3.2fixed 1-150700.1.3.2
In the Linux kernel, the following vulnerability has been resolved: drm, fbcon, vga_switcheroo: Avoid race condition in fbcon setup Protect vga_switcheroo_client_fb_set() with console lock. Avoids OOB access in fbcon_remap_all(). Without holding the console lock the call races

Page 6 of 9