suse/kernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

Vulnerabilities (2,262)

• CVE-2025-38488Jul 28, 2025
  affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

  In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free in crypt_message when using async crypto The CVE-2024-50047 fix removed asynchronous crypto handling from crypt_message(), assuming all crypto operations are synchronous. However

• CVE-2025-38487Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: soc: aspeed: lpc-snoop: Don't disable channels that aren't enabled Mitigate e.g. the following: # echo 1e789080.lpc-snoop > /sys/bus/platform/drivers/aspeed-lpc-snoop/unbind ... [ 120.363594] Unab

• CVE-2025-38485Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: iio: accel: fxls8962af: Fix use after free in fxls8962af_fifo_flush fxls8962af_fifo_flush() uses indio_dev->active_scan_mask (with iio_for_each_active_channel()) without making sure the indio_dev stays in buffe

• CVE-2025-38483Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: das16m1: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: /* only irqs 2, 3, 4, 5, 6, 7, 10, 11, 12, 14, and 15 are valid */ if ((1 << it->options[1])

• CVE-2025-38482Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: das6402: Fix bit shift out of bounds When checking for a supported IRQ number, the following test is used: /* IRQs 2,3,5,6,7, 10,11,15 are valid for "enhanced" mode */ if ((1 << it->options[1]) & 0x8

• CVE-2025-38481Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: Fail COMEDI_INSNLIST ioctl if n_insns is too large The handling of the `COMEDI_INSNLIST` ioctl allocates a kernel buffer to hold the array of `struct comedi_insn`, getting the length from the `n_insns`

• CVE-2025-38480Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized data in insn_rw_emulate_bits() For Comedi `INSN_READ` and `INSN_WRITE` instructions on "digital" subdevices (subdevice types `COMEDI_SUBD_DI`, `COMEDI_SUBD_DO`, and `COMEDI_SUBD

• CVE-2025-38478Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: Fix initialization of data for instructions that write to subdevice Some Comedi subdevice instruction handlers are known to access instruction data elements beyond the first `insn->n` elements in some c

• CVE-2025-38476Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: rpl: Fix use-after-free in rpl_do_srh_inline(). Running lwt_dst_cache_ref_loop.sh in selftest with KASAN triggers the splat below [0]. rpl_do_srh_inline() fetches ipv6_hdr(skb) and accesses it after skb_cow_he

• CVE-2025-38475Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in cipso_v4_sock_setattr() while freeing inet_sk(sk)->inet_opt. The address was freed multiple times even though it wa

• CVE-2025-38474Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: usb: net: sierra: check for no status endpoint The driver checks for having three endpoints and having bulk in and out endpoints, but not that the third endpoint is interrupt input. Rectify the omission.

• CVE-2025-38473Jul 28, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix null-ptr-deref in l2cap_sock_resume_cb() syzbot reported null-ptr-deref in l2cap_sock_resume_cb(). [0] l2cap_sock_resume_cb() has a similar problem that was fixed by commit 1bff51ea59a9 ("Blueto

• CVE-2025-38472Jul 28, 2025
  affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack: fix crash due to removal of uninitialised entry A crash in conntrack was reported while trying to unlink the conntrack entry from the hash bucket list: [exception RIP: __nf_ct_delet

• CVE-2025-38466MedJul 25, 2025
  affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

  In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAP_SYS_ADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the re

• CVE-2025-38465MedJul 25, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: netlink: Fix wraparounds of sk->sk_rmem_alloc. Netlink has this pattern in some places if (atomic_read(&sk->sk_rmem_alloc) > sk->sk_rcvbuf) atomic_add(skb->truesize, &sk->sk_rmem_alloc); , which has the

• CVE-2025-38457MedJul 25, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: net/sched: Abort __tc_modify_qdisc if parent class does not exist Lion's patch [1] revealed an ancient bug in the qdisc API. Whenever a user creates/modifies a qdisc specifying as a parent another qdisc, the qd

• CVE-2025-38467Jul 25, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: drm/exynos: exynos7_drm_decon: add vblank check in IRQ handling If there's support for another console device (such as a TTY serial), the kernel occasionally panics during boot. The panic message and a relevant

• CVE-2025-38464Jul 25, 2025
  affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

  In the Linux kernel, the following vulnerability has been resolved: tipc: Fix use-after-free in tipc_conn_close(). syzbot reported a null-ptr-deref in tipc_conn_close() during netns dismantle. [0] tipc_topsrv_stop() iterates tipc_net(net)->topsrv->conn_idr and calls tipc_conn_

• CVE-2025-38463Jul 25, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: tcp: Correct signedness in skb remaining space calculation Syzkaller reported a bug [1] where sk->sk_forward_alloc can overflow. When we send data, if an skb exists at the tail of the write queue, the kernel w

• CVE-2025-38462Jul 25, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: vsock: Fix transport_{g2h,h2g} TOCTOU vsock_find_cid() and vsock_dev_do_ioctl() may race with module unload. transport_{g2h,h2g} may become NULL after the NULL check. Introduce vsock_transport_local_cid() to p