rpm package
suse/kernel-livepatch-SLE15-SP7_Update_6&distro=SUSE Linux Enterprise Live Patching 15 SP7
pkg:rpm/suse/kernel-livepatch-SLE15-SP7_Update_6&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP7
Vulnerabilities (465)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39684 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of w | |
| CVE-2025-39683 | Hig | 7.1 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: s | |
| CVE-2025-39679 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it | |
| CVE-2025-39676 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error point | |
| CVE-2025-39675 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The re | |
| CVE-2025-39673 | Med | 4.7 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held | |
| CVE-2025-38736 | Hig | 7.1 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this | |
| CVE-2025-38735 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: gve: prevent ethtool ops after shutdown A crash can occur if an ethtool operation is invoked after shutdown() is called. shutdown() is invoked during system shutdown to stop DMA operations without performing e | |
| CVE-2025-38734 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0 [ 16.447134] #PF: supervisor read acce | |
| CVE-2025-38729 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too. | |
| CVE-2025-38727 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem < READ_ONCE(sk->sk_rcvbuf) to check if the ju | |
| CVE-2025-38725 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB- | |
| CVE-2025-38724 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c | |
| CVE-2025-38718 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti | |
| CVE-2025-38715 | Hig | 7.1 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that | |
| CVE-2025-38714 | Hig | 7.1 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T9784] ================================================================== [ 174.8 | |
| CVE-2025-38713 | Hig | 7.1 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] ================================================= | |
| CVE-2025-38712 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the att | |
| CVE-2025-38706 | Med | 5.5 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will leads to null pointer dereference. This was reproduced with topology lo | |
| CVE-2025-38702 | Hig | 7.8 | < 1-150700.15.3.1 | 1-150700.15.3.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become |
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of w
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: s
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/nvif: Fix potential memory leak in nvif_vmm_ctor(). When the nvif_vmm_type is invalid, we will return error directly without freeing the args in nvif_vmm_ctor(), which leading a memory leak. Fix it
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error point
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The re
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: gve: prevent ethtool ops after shutdown A crash can occur if an ethtool operation is invoked after shutdown() is called. shutdown() is invoked during system shutdown to stop DMA operations without performing e
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix UAF on smcsk after smc_listen_out() BPF CI testing report a UAF issue: [ 16.446633] BUG: kernel NULL pointer dereference, address: 000000000000003 0 [ 16.447134] #PF: supervisor read acce
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Validate UAC3 power domain descriptors, too UAC3 power domain descriptors need to be verified with its variable bLength for avoiding the unexpected OOB accesses by malicious firmware, too.
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: netlink: avoid infinite retry looping in netlink_unicast() netlink_attachskb() checks for the socket's read memory allocation constraints. Firstly, it has: rmem < READ_ONCE(sk->sk_rcvbuf) to check if the ju
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: add phy_mask for ax88772 mdio bus Without setting phy_mask for ax88772 mdio bus, current driver may create at most 32 mdio phy devices with phy address range from 0x00 ~ 0x1f. DLink DUB-
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: handle get_client_locked() failure in nfsd4_setclientid_confirm() Lei Lu recently reported that nfsd4_setclientid_confirm() did not check the return value from get_client_locked(). a SETCLIENTID_CONFIRM c
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: hfs: fix slab-out-of-bounds in hfs_bnode_read() This patch introduces is_bnode_offset_valid() method that checks the requested offset value. Also, it introduces check_and_correct_requested_length() method that
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T9784] ================================================================== [ 174.8
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] =================================================
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the att
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Check for rtd == NULL in snd_soc_remove_pcm_runtime() snd_soc_remove_pcm_runtime() might be called with rtd == NULL which will leads to null pointer dereference. This was reproduced with topology lo
- affected < 1-150700.15.3.1fixed 1-150700.15.3.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become
Page 22 of 24