rpm package
suse/kernel-livepatch-SLE15-SP7_Update_1&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_1&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (371)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-22094 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Commit 176cda0619b6 ("powerpc/perf: Add perf interface to expose vpa counters") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided L1<->L2 context | ||
| CVE-2025-22093 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr | ||
| CVE-2025-22091 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to reg | ||
| CVE-2025-22090 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track_pfn_copy() fails, we already added the dst VMA to the maple tree. As fork() fails, we'll cleanup the maple tree, and stumble over | ||
| CVE-2025-22088 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue. | ||
| CVE-2025-22086 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bu | ||
| CVE-2025-22085 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-us | ||
| CVE-2025-22080 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX | ||
| CVE-2025-22075 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") added support for getting VF port and node GUIDs in netlink ifinfo messages, but th | ||
| CVE-2025-22070 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx pare | ||
| CVE-2025-22065 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via idpf_shutdown() and then again when idpf_remove() calls into sriov_disable(), be | ||
| CVE-2025-22064 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant When nf_tables_updchain encounters an error, hook registration needs to be rolled back. This should only be done if the hook has been registere | ||
| CVE-2025-22063 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect fu | ||
| CVE-2025-22062 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for | ||
| CVE-2025-22060 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly acce | ||
| CVE-2025-22058 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional | ||
| CVE-2025-22057 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid acce | ||
| CVE-2025-22056 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence | ||
| CVE-2025-22053 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error handling unlock and exit in veth_pool_store - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_ | ||
| CVE-2025-22050 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This incons |
- CVE-2025-22094Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix ref-counting on the PMU 'vpa_pmu' Commit 176cda0619b6 ("powerpc/perf: Add perf interface to expose vpa counters") introduced 'vpa_pmu' to expose Book3s-HV nested APIv2 provided L1<->L2 context
- CVE-2025-22093Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: avoid NPD when ASIC does not support DMUB ctx->dmub_srv will de NULL if the ASIC does not support DMUB, which is tested in dm_dmub_sw_init. However, it will be dereferenced in dmub_hw_lock_mgr
- CVE-2025-22091Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix page_size variable overflow Change all variables storing mlx5_umem_mkc_find_best_pgsz() result to unsigned long to support values larger than 31 and avoid overflow. For example: If we try to reg
- CVE-2025-22090Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range() If track_pfn_copy() fails, we already added the dst VMA to the maple tree. As fork() fails, we'll cleanup the maple tree, and stumble over
- CVE-2025-22088Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/erdma: Prevent use-after-free in erdma_accept_newconn() After the erdma_cep_put(new_cep) being called, new_cep will be freed, and the following dereference will cause a UAF problem. Fix this issue.
- CVE-2025-22086Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix mlx5_poll_one() cur_qp update flow When cur_qp isn't NULL, in order to avoid fetching the QP from the radix tree again we check if the next cqe QP is identical to the one we already have. The bu
- CVE-2025-22085Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix use-after-free when rename device name Syzbot reported a slab-use-after-free with the following call trace: ================================================================== BUG: KASAN: slab-us
- CVE-2025-22080Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The "de_off" and "used" variables come from the disk so they both need to check. The problem is that on 32bit systems if they're both greater than UINT_MAX
- CVE-2025-22075Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: rtnetlink: Allocate vfinfo size for VF GUIDs when supported Commit 30aad41721e0 ("net/core: Add support for getting VF GUIDs") added support for getting VF port and node GUIDs in netlink ifinfo messages, but th
- CVE-2025-22070Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: fs/9p: fix NULL pointer dereference on mkdir When a 9p tree was mounted with option 'posixacl', parent directory had a default ACL set for its subdirectories, e.g.: setfacl -m default:group:simpsons:rwx pare
- CVE-2025-22065Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: idpf: fix adapter NULL pointer dereference on reboot With SRIOV enabled, idpf ends up calling into idpf_remove() twice. First via idpf_shutdown() and then again when idpf_remove() calls into sriov_disable(), be
- CVE-2025-22064Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't unregister hook when table is dormant When nf_tables_updchain encounters an error, hook registration needs to be rolled back. This should only be done if the hook has been registere
- CVE-2025-22063Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: netlabel: Fix NULL pointer exception caused by CALIPSO on IPv4 sockets When calling netlbl_conn_setattr(), addr->sa_family is used to determine the function behavior. If sk is an IPv4 socket, but the connect fu
- CVE-2025-22062Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: add mutual exclusion in proc_sctp_do_udp_port() We must serialize calls to sctp_udp_sock_stop() and sctp_udp_sock_start() or risk a crash as syzbot reported: Oops: general protection fault, probably for
- CVE-2025-22060Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly acce
- CVE-2025-22058Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: udp: Fix memory accounting leak. Matt Dowling reported a weird UDP memory usage issue. Under normal operation, the UDP memory usage reported in /proc/net/sockstat remains close to zero. However, it occasional
- CVE-2025-22057Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net: decrease cached dst counters in dst_release Upstream fix ac888d58869b ("net: do not delay dst_entries_add() in dst_release()") moved decrementing the dst count from dst_destroy to dst_release to avoid acce
- CVE-2025-22056Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence
- CVE-2025-22053Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net: ibmveth: make veth_pool_store stop hanging v2: - Created a single error handling unlock and exit in veth_pool_store - Greatly expanded commit message with previous explanatory-only text Summary: Use rtnl_
- CVE-2025-22050Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: usbnet:fix NPE during rx_complete Missing usbnet_going_away Check in Critical Path. The usb_submit_urb function lacks a usbnet_going_away validation, whereas __usbnet_queue_skb includes this check. This incons
Page 7 of 19