rpm package
suse/kernel-livepatch-SLE15-SP7_Update_4&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_4&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (129)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38571 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this | ||
| CVE-2025-38568 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This | ||
| CVE-2025-38566 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen | ||
| CVE-2025-38565 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere | ||
| CVE-2025-38563 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first | ||
| CVE-2025-38560 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m | ||
| CVE-2025-38555 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to | ||
| CVE-2025-38553 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lo | ||
| CVE-2023-3867 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while pr | ||
| CVE-2023-4130 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffse | ||
| CVE-2023-4515 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not checked, it's not expecte | ||
| CVE-2025-38531 | Med | 5.5 | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() w | |
| CVE-2025-38550 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return. | ||
| CVE-2025-38548 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd(). | ||
| CVE-2025-38546 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock | ||
| CVE-2025-38543 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'. | ||
| CVE-2025-38541 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference | ||
| CVE-2025-38540 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting t | ||
| CVE-2025-38538 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther t | ||
| CVE-2025-38537 | — | < 1-150700.15.3.2 | 1-150700.15.3.2 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registere |
- CVE-2025-38571Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix client side handling of tls alerts A security exploit was discovered in NFS over TLS in tls_alert_recv due to its assumption that there is valid data in the msghdr's iterator's kvec. Instead, this
- CVE-2025-38568Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: mqprio: fix stack out-of-bounds write in tc entry parsing TCA_MQPRIO_TC_ENTRY_INDEX is validated using NLA_POLICY_MAX(NLA_U32, TC_QOPT_MAX_QUEUE), which allows the value TC_QOPT_MAX_QUEUE (16). This
- CVE-2025-38566Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: sunrpc: fix handling of server side tls alerts Scott Mayhew discovered a security exploit in NFS over TLS in tls_alert_recv() due to its assumption it can read data from the msg iterator's kvec.. kTLS implemen
- CVE-2025-38565Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere
- CVE-2025-38563Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first
- CVE-2025-38560Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m
- CVE-2025-38555Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to
- CVE-2025-38553Aug 19, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lo
- CVE-2023-3867Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix out of bounds read in smb2_sess_setup ksmbd does not consider the case of that smb2 session setup is in compound request. If this is the second payload of the compound, OOB read issue occurs while pr
- CVE-2023-4130Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix wrong next length validation of ea buffer in smb2_set_ea() There are multiple smb2_ea_info buffers in FILE_FULL_EA_INFORMATION request from client. ksmbd find next smb2_ea_info using ->NextEntryOffse
- CVE-2023-4515Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: ksmbd: validate command request size In commit 2b9b8f3b68ed ("ksmbd: validate command payload size"), except for SMB2_OPLOCK_BREAK_HE command, the request size of other commands is not checked, it's not expecte
- affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: iio: common: st_sensors: Fix use of uninitialize device structs Throughout the various probe functions &indio_dev->dev is used before it is initialized. This caused a kernel panic in st_sensors_power_enable() w
- CVE-2025-38550Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: Delay put pmc->idev in mld_del_delrec() pmc->idev is still used in ip6_mc_clear_src(), so as mld_clear_delrec() does, the reference should be put after ip6_mc_clear_src() return.
- CVE-2025-38548Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: hwmon: (corsair-cpro) Validate the size of the received input buffer Add buffer_recv_size to store the size of the received bytes. Validate buffer_recv_size in send_usb_cmd().
- CVE-2025-38546Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock
- CVE-2025-38543Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: nvdec: Fix dma_alloc_coherent error check Check for NULL return value with dma_alloc_coherent, in line with Robin's fix for vic.c in 'drm/tegra: vic: Fix DMA API misuse'.
- CVE-2025-38541Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7925: Fix null-ptr-deref in mt7925_thermal_init() devm_kasprintf() returns NULL on error. Currently, mt7925_thermal_init() does not check for this case, which results in a NULL pointer dereference
- CVE-2025-38540Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: HID: quirks: Add quirk for 2 Chicony Electronics HP 5MP Cameras The Chicony Electronics HP 5MP Cameras (USB ID 04F2:B824 & 04F2:B82C) report a HID sensor interface that is not actually implemented. Attempting t
- CVE-2025-38538Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: dmaengine: nbpfaxi: Fix memory corruption in probe() The nbpf->chan[] array is allocated earlier in the nbpf_probe() function and it has "num_channels" elements. These three loops iterate one element farther t
- CVE-2025-38537Aug 16, 2025affected < 1-150700.15.3.2fixed 1-150700.15.3.2
In the Linux kernel, the following vulnerability has been resolved: net: phy: Don't register LEDs for genphy If a PHY has no driver, the genphy driver is probed/removed directly in phy_attach/detach. If the PHY's ofnode has an "leds" subnode, then the LEDs will be (un)registere
Page 4 of 7