rpm package
suse/kernel-livepatch-SLE15-SP7_Update_5&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_5&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (115)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39677 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The p | ||
| CVE-2025-38721 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res < 0) { nf_conntrack_get(&ct->ct_general); // HERE c | |
| CVE-2025-38710 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at: index = hash >> (32 - dip->i_depth); As | |
| CVE-2025-38701 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data e | |
| CVE-2025-38684 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() | |
| CVE-2025-38679 | Hig | 7.1 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by | |
| CVE-2025-38730 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r | ||
| CVE-2025-38722 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine for the case when all we are doing is returning that descripto | ||
| CVE-2025-38709 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device | ||
| CVE-2025-38705 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer derefer | ||
| CVE-2025-38703 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated | ||
| CVE-2025-38678 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo | ||
| CVE-2025-38676 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximu | |
| CVE-2025-38668 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed | ||
| CVE-2025-38664 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. | ||
| CVE-2025-38660 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem | ||
| CVE-2025-38659 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a | ||
| CVE-2025-38645 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails. | ||
| CVE-2025-38643 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the wa | ||
| CVE-2025-38640 | — | < 1-150700.15.3.1 | 1-150700.15.3.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the spla |
- CVE-2025-39677Sep 5, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix backlog accounting in qdisc_dequeue_internal This issue applies for the following qdiscs: hhf, fq, fq_codel, and fq_pie, and occurs in their change handlers when adjusting to the new limit. The p
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: ctnetlink: fix refcount leak on table dump There is a reference count leak in ctnetlink_dump_table(): if (res < 0) { nf_conntrack_get(&ct->ct_general); // HERE c
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: Validate i_depth for exhash directories A fuzzer test introduced corruption that ends up with a depth of 0 in dir_e_read(), causing an undefined shift by 32 at: index = hash >> (32 - dip->i_depth); As
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data e
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change()
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: Fix OOB read due to missing payload bound check Currently, The event_seq_changed() handler processes a variable number of properties sent by the firmware. The number of properties is indicated by
- CVE-2025-38730Sep 4, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/net: commit partial buffers on retry Ring provided buffers are potentially only valid within the single execution context in which they were acquired. io_uring deals with this and invalidates them on r
- CVE-2025-38722Sep 4, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: habanalabs: fix UAF in export_dmabuf() As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine for the case when all we are doing is returning that descripto
- CVE-2025-38709Sep 4, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device
- CVE-2025-38705Sep 4, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer derefer
- CVE-2025-38703Sep 4, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated
- CVE-2025-38678Sep 3, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximu
- CVE-2025-38668Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed
- CVE-2025-38664Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.
- CVE-2025-38660Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem
- CVE-2025-38659Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a
- CVE-2025-38645Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails.
- CVE-2025-38643Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the wa
- CVE-2025-38640Aug 22, 2025affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the spla
Page 4 of 6