suse/kernel-obs-build&distro=SUSE Linux Enterprise Module for Development Tools 15 SP7

Vulnerabilities (2,262)

• CVE-2025-38174Jul 4, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tb_cfg_request_dequeue(): general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID:

• CVE-2025-38124MedJul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the

• CVE-2025-38111HigJul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of

• CVE-2025-38100MedJul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated

• CVE-2025-38173Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0.

• CVE-2025-38166Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:629! ...... [ 2172.944996] PKRU: 55555554 [ 2172.945155] Call Trace: [ 2172.94529

• CVE-2025-38165Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: '''

• CVE-2025-38162Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX

• CVE-2025-38161Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is the last resource to be destroyed some SW resources were already cleaned regardless

• CVE-2025-38160Jul 3, 2025
  affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

  In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NUL

• CVE-2025-38159Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

• CVE-2025-38158Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware regis

• CVE-2025-38157Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Abort software beacon handling if disabled A malicious USB device can send a WMI_SWBA_EVENTID event from an ath9k_htc-managed device before beaconing has been enabled. This causes a device-by-z

• CVE-2025-38155Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7915: Fix null-ptr-deref in mt7915_mmio_wed_init() devm_ioremap() returns NULL on error. Currently, mt7915_mmio_wed_init() does not check for this case, which results in a NULL pointer dereference

• CVE-2025-38154Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Avoid using sk_socket after free when sending The sk->sk_socket is not locked or referenced in backlog thread, and during the call to skb_send_sock(), there is a race condition with the release of

• CVE-2025-38153Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: fix error handling of usbnet read calls Syzkaller, courtesy of syzbot, identified an error (see report [1]) in aqc111 driver, caused by incomplete sanitation of usb read calls' results. This p

• CVE-2025-38151Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Fix hang when cma_netevent_callback fails to queue_work The cited commit fixed a crash when cma_netevent_callback was called for a cma_id while work on that id from a previous call had not yet started

• CVE-2025-38149Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: phy: clear phydev->devlink when the link is deleted There is a potential crash issue when disabling and re-enabling the network port. When disabling the network port, phy_detach() calls device_link_del() t

• CVE-2025-38148Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: phy: mscc: Fix memory leak when using one step timestamping Fix memory leak when running one-step timestamping. When running one-step sync timestamping, the HW is configured to insert the TX time into the

• CVE-2025-38147Jul 3, 2025
  affected < 6.4.0-150700.53.11.1fixed 6.4.0-150700.53.11.1

  In the Linux kernel, the following vulnerability has been resolved: calipso: Don't call calipso functions for AF_INET sk. syzkaller reported a null-ptr-deref in txopt_get(). [0] The offset 0x70 was of struct ipv6_txoptions in struct ipv6_pinfo, so struct ipv6_pinfo was NULL th