rpm package
suse/kernel-livepatch-SLE15-SP7_Update_16&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (103)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-46243 | High | 7.1 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | Jun 1, 2026 | In the Linux kernel, the following vulnerability has been resolved: smb: client: reject userspace cifs.spnego descriptions cifs.spnego key descriptions contain authority-bearing fields such as pid, uid, creduid, and upcall_target that cifs.upcall treats as kernel-originating in |
| CVE-2026-46209 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Fix inconsistent plane dimension calculation in drm_gem_fb_init_with_funcs() drm_gem_fb_init_with_funcs() computes sub-sampled plane dimensions using plain integer division: unsigned int width = mo |
| CVE-2026-46181 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx4: Fix mis-use of RCU in mlx4_srq_event() Sashiko points out the radix_tree itself is RCU safe, but nothing ever frees the mlx4_srq struct with RCU, and it isn't even accessed within the RCU critical se |
| CVE-2026-46176 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error path fall-through in mlx5_ib_dev_res_srq_init() mlx5_ib_dev_res_srq_init() allocates two SRQs, s0 and s1. When ib_create_srq() fails for s1, the error branch destroys s0 but falls through a |
| CVE-2026-46159 | Medium | 4.7 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix btrfs_ioctl_space_info() slot_count TOCTOU which can lead to info-leak btrfs_ioctl_space_info() has a TOCTOU race between two passes over the block group RAID type lists. The first pass counts entrie |
| CVE-2026-46157 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix data race at accessing runtime.oss.trigger Currently the runtime.oss.trigger field may be accessed concurrently without protection, which may lead to the data race. And, in this case, it ma |
| CVE-2026-46114 | High | 7.5 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Reject non-8-byte ATOMIC_WRITE payloads atomic_write_reply() at drivers/infiniband/sw/rxe/rxe_resp.c unconditionally dereferences 8 bytes at payload_addr(pkt): value = *(u64 *)payload_addr(pkt); |
| CVE-2026-46113 | High | 8.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix shadow paging use-after-free due to unexpected GFN The shadow MMU computes GFNs for direct shadow pages using sp->gfn plus the SPTE index. This assumption breaks for shadow paging if the guest pag |
| CVE-2026-46111 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_conn: fix potential UAF in create_big_sync Add hci_conn_valid() check in create_big_sync() to detect stale connections before proceeding with BIG creation. Handle the resulting -ECANCELED in crea |
| CVE-2026-46110 | High | 7.5 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 28, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Prevent NULL deref when RX memory exhausted The CPU receives frames from the MAC through conventional DMA: the CPU allocates buffers for the MAC, then the MAC fills them and returns ownership to th |
| CVE-2026-46094 | — | | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bounds check in check_xattrs() to prevent out-of-bounds access The bounds check for the next xattr entry in check_xattrs() uses (void *)next >= end, which allows next to point within sizeof(u32) bytes |
| CVE-2026-46090 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix peer runtime UAF during format-change stop loopback_check_format() may stop the capture side when playback starts with parameters that no longer match a running capture stream. Commit 826af7fa6 |
| CVE-2026-46083 | — | | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: spi: fix resource leaks on device setup failure Make sure to call controller cleanup() if spi_setup() fails while registering a device to avoid leaking any resources allocated by setup(). |
| CVE-2026-46079 | — | | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: rbd: fix null-ptr-deref when device_add_disk() fails do_rbd_add() publishes the device with device_add() before calling device_add_disk(). If device_add_disk() fails after device_add() succeeds, the error path |
| CVE-2026-46043 | Critical | 9.1 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Validate pad and ICRC before payload_size() in rxe_rcv rxe_rcv() currently checks only that the incoming packet is at least header_size(pkt) bytes long before payload_size() is used. However, payload |
| CVE-2026-46024 | High | 7.5 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: Prevent potential null-ptr-deref in ceph_handle_auth_reply() If a message of type CEPH_MSG_AUTH_REPLY contains a zero value for both protocol and result, this is currently not treated as an error. In c |
| CVE-2026-46021 | Medium | 5.5 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix thermal zone governor cleanup issues If thermal_zone_device_register_with_trips() fails after adding a thermal governor to the thermal zone being registered, the governor is not removed from |
| CVE-2026-46004 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: caiaq: Handle probe errors properly The probe procedure of setup_card() in caiaq driver doesn't treat the error cases gracefully, e.g. the error from snd_card_register() calls snd_card_free() but continue |
| CVE-2026-45984 | High | 7.8 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix use-after-free in iomap inline data write path The inline data buffer head (dibh) is being released prematurely in gfs2_iomap_begin() via release_metapath() while iomap->inline_data still points to di |
| CVE-2026-45983 | Medium | 5.5 | | < 1-150700.15.3.2 | 1-150700.15.3.2 | May 27, 2026 | In the Linux kernel, the following vulnerability has been resolved: nfsd: never defer requests during idmap lookup During v4 request compound arg decoding, some ops (e.g. SETATTR) can trigger idmap lookup upcalls. When those upcall responses get delayed beyond the allowed time |
Page 1 of 6