rpm package
suse/kernel-rt&distro=SUSE Linux Enterprise Micro 5.3
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
Vulnerabilities (2,986)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38684 | Med | 5.5 | | < 5.14.21-150400.15.145.1 | 5.14.21-150400.15.145.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: use old 'nbands' while purging unused classes Shuang reported sch_ets test-case [1] crashing in ets_class_qlen_notify() after recent changes from Lion [2]. The problem is: in ets_qdisc_change() |
| CVE-2025-38678 | — | | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Sep 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo |
| CVE-2024-58240 | Hig | 7.8 | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Aug 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and ret |
| CVE-2025-38659 | Med | 5.5 | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a |
| CVE-2025-38664 | — | | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference. |
| CVE-2025-38644 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati |
| CVE-2025-38618 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: vsock: Do not allow binding to VMADDR_PORT_ANY It is possible for a vsock to autobind to VMADDR_PORT_ANY. This can cause a use-after-free when a connection is made to the bound socket. The socket returned by ac |
| CVE-2025-38617 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a |
| CVE-2024-58239 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: tls: stop recv() if initial process_rx_list gave us non-DATA If we have a non-DATA record on the rx_list and another record of the same type still on the queue, we will end up merging them: - process_rx_list c |
| CVE-2025-38608 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, ktls: Fix data corruption when using bpf_msg_pop_data() in ktls When sending plaintext data, we initially calculated the corresponding ciphertext length. However, if we later reduced the plaintext data len |
| CVE-2025-38572 | — | | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: reject malicious packets in ipv6_gso_segment() syzbot was able to craft a packet with very long IPv6 extension headers leading to an overflow of skb->transport_header. This 16bit field has a limited rang |
| CVE-2025-38565 | — | | | < 5.14.21-150400.15.145.1 | 5.14.21-150400.15.145.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Exit early on perf_mmap() fail When perf_mmap() fails to allocate a buffer, it still invokes the event_mapped() callback of the related event. On X86 this might increase the perf_rdpmc_allowed refere |
| CVE-2025-38563 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Prevent VMA split of buffer mappings The perf mmap code is careful about mmap()'ing the user page with the ringbuffer and additionally the auxiliary buffer, when the event supports it. Once the first |
| CVE-2025-38560 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific m |
| CVE-2025-38555 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget : fix use-after-free in composite_dev_cleanup() 1. In func configfs_composite_bind() -> composite_os_desc_req_prepare(): if kmalloc fails, the pointer cdev->os_desc_req will be freed but not set to |
| CVE-2025-38553 | — | | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Aug 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Restrict conditions for adding duplicating netems to qdisc tree netem_enqueue's duplication prevention logic breaks when a netem resides in a qdisc tree with other netems - this can lead to a soft lo |
| CVE-2025-38546 | — | | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix memory leak of struct clip_vcc. ioctl(ATMARP_MKIP) allocates struct clip_vcc and set it to vcc->user_back. The code assumes that vcc_destroy_socket() passes NULL skb to vcc->push() when the sock |
| CVE-2025-38499 | Med | 5.5 | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Aug 11, 2025 | In the Linux kernel, the following vulnerability has been resolved: clone_private_mnt(): make sure that caller has CAP_SYS_ADMIN in the right userns What we want is to verify there is that clone won't expose something hidden by a mount we wouldn't be able to undo. "Wouldn't be |
| CVE-2022-50233 | — | | | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | Aug 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: eir: Fix using strlen with hdev->{dev_name,short_name} Both dev_name and short_name are not guaranteed to be NULL terminated so this instead use strnlen and then attempt to determine if the resulting |
| CVE-2025-38498 | Med | 5.5 | | < 5.14.21-150400.15.130.1 | 5.14.21-150400.15.130.1 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w |