rpm package
suse/kernel-livepatch-SLE15-SP7_Update_2&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (284)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-23144 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARN | ||
| CVE-2025-23142 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination ad | ||
| CVE-2025-23141 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e | ||
| CVE-2024-58099 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsu | ||
| CVE-2025-40014 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go | ||
| CVE-2025-39735 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended att | ||
| CVE-2025-38240 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically | ||
| CVE-2025-38104 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environm | ||
| CVE-2025-37925 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsComm | ||
| CVE-2025-22083 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haor | |
| CVE-2025-22124 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12 | ||
| CVE-2025-22120 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: goto right label 'out_mmap_sem' in ext4_setattr() Otherwise, if ext4_inode_attach_jinode() fails, a hung task will happen because filemap_invalidate_unlock() isn't called to unlock mapping->invalidate_loc | ||
| CVE-2025-22119 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be perform | ||
| CVE-2025-22113 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, whi | ||
| CVE-2025-22111 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioctl_call(), which causes unnecessary RTNL dance and the splat below [0] under RTNL | ||
| CVE-2025-22095 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regulator_bulk_get() returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PC | ||
| CVE-2025-22089 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") accidentally almost exposed hw counters to non-init net namesp | ||
| CVE-2025-22066 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, imx_card_probe() does not check for this case, which results in a NULL pointer dereferen | ||
| CVE-2025-22035 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if pu | ||
| CVE-2025-22023 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't skip missed isochronous T |
- CVE-2025-23144May 1, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: backlight: led_bl: Hold led_access lock when calling led_sysfs_disable() Lockdep detects the following issue on led-backlight removal: [ 142.315935] ------------[ cut here ]------------ [ 142.315954] WARN
- CVE-2025-23142May 1, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: detect and prevent references to a freed transport in sendmsg sctp_sendmsg() re-uses associations and transports when possible by doing a lookup based on the socket endpoint and the message destination ad
- CVE-2025-23141May 1, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Acquire SRCU in KVM_GET_MP_STATE to protect guest memory accesses Acquire a lock on kvm->srcu when userspace is getting MP state to handle a rather extreme edge case where "accepting" APIC events, i.e
- CVE-2024-58099Apr 29, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix packet corruption in vmxnet3_xdp_xmit_frame Andrew and Nikolay reported connectivity issues with Cilium's service load-balancing in case of vmxnet3. If a BPF program for native XDP adds an encapsu
- CVE-2025-40014Apr 18, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: objtool, spi: amd: Fix out-of-bounds stack access in amd_set_spi_freq() If speed_hz < AMD_SPI_MIN_HZ, amd_set_spi_freq() iterates over the entire amd_spi_freq array without breaking out early, causing 'i' to go
- CVE-2025-39735Apr 18, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get() During the "size_check" label in ea_get(), the code checks if the extended attribute list (xattr) size matches ea_size. If not, it logs "ea_get: invalid extended att
- CVE-2025-38240Apr 18, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: dp: drm_err => dev_err in HPD path to avoid NULL ptr The function mtk_dp_wait_hpd_asserted() may be called before the `mtk_dp->drm_dev` pointer is assigned in mtk_dp_bridge_attach(). Specifically
- CVE-2025-38104Apr 18, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Replace Mutex with Spinlock for RLCG register access to avoid Priority Inversion in SRIOV RLCG Register Access is a way for virtual functions to safely access GPU registers in a virtualized environm
- CVE-2025-37925Apr 18, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: jfs: reject on-disk inodes of an unsupported type Syzbot has reported the following BUG: kernel BUG at fs/inode.c:668! Oops: invalid opcode: 0000 [#1] PREEMPT SMP KASAN PTI CPU: 3 UID: 0 PID: 139 Comm: jfsComm
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint If vhost_scsi_set_endpoint is called multiple times without a vhost_scsi_clear_endpoint between them, we can hit multiple bugs found by Haor
- CVE-2025-22124Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: md/md-bitmap: fix wrong bitmap_limit for clustermd when write sb In clustermd, separate write-intent-bitmaps are used for each cluster node: 0 4k 8k 12
- CVE-2025-22120Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ext4: goto right label 'out_mmap_sem' in ext4_setattr() Otherwise, if ext4_inode_attach_jinode() fails, a hung task will happen because filemap_invalidate_unlock() isn't called to unlock mapping->invalidate_loc
- CVE-2025-22119Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_work before allocating rfkill fails syzbort reported a uninitialize wiphy_work_lock in cfg80211_dev_free. [1] After rfkill allocation fails, the wiphy release process will be perform
- CVE-2025-22113Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid journaling sb update on error if journal is destroying Presently we always BUG_ON if trying to start a transaction on a journal marked with JBD2_UNMOUNT, since this should never happen. However, whi
- CVE-2025-22111Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net: Remove RTNL dance for SIOCBRADDIF and SIOCBRDELIF. SIOCBRDELIF is passed to dev_ioctl() first and later forwarded to br_ioctl_call(), which causes unnecessary RTNL dance and the splat below [0] under RTNL
- CVE-2025-22095Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: PCI: brcmstb: Fix error path after a call to regulator_bulk_get() If the regulator_bulk_get() returns an error and no regulators are created, we need to set their number to zero. If we don't do this and the PC
- CVE-2025-22089Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Don't expose hw_counters outside of init net namespace Commit 467f432a521a ("RDMA/core: Split port and device counter sysfs attributes") accidentally almost exposed hw counters to non-init net namesp
- CVE-2025-22066Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: imx-card: Add NULL check in imx_card_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, imx_card_probe() does not check for this case, which results in a NULL pointer dereferen
- CVE-2025-22035Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: tracing: Fix use-after-free in print_graph_function_flags during tracer switching Kairui reported a UAF issue in print_graph_function_flags() during ftrace stress testing [1]. This issue can be reproduced if pu
- CVE-2025-22023Apr 16, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Don't skip on Stopped - Length Invalid Up until commit d56b0b2ab142 ("usb: xhci: ensure skipped isoc TDs are returned when isoc ring is stopped") in v6.11, the driver didn't skip missed isochronous T
Page 12 of 15