rpm package
suse/kernel-rt&distro=SUSE Linux Enterprise Micro 5.3
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
Vulnerabilities (2,986)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-37932 | — | < 5.14.21-150400.15.124.1 | 5.14.21-150400.15.124.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly t | ||
| CVE-2025-37890 | — | < 5.14.21-150400.15.124.1 | 5.14.21-150400.15.124.1 | May 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs | ||
| CVE-2024-28956 | Med | 5.6 | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | May 13, 2025 | Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2023-53145 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 10, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs wi | ||
| CVE-2025-37885 | — | < 5.14.21-150400.15.133.1 | 5.14.21-150400.15.133.1 | May 9, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardle | ||
| CVE-2025-37823 | — | < 5.14.21-150400.15.124.1 | 5.14.21-150400.15.124.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer. | ||
| CVE-2023-53143 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = { .fmh_count = ...; .fmh_keys = { { .fmr_device = /* ext | ||
| CVE-2023-53142 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") In this refactor, ice_get_module_eeprom() re | ||
| CVE-2023-53140 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug int | ||
| CVE-2023-53139 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later. | ||
| CVE-2023-53134 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA (GRO/LRO) completions on the aggregation ring. On P5 chips, the maximum number of concurr | ||
| CVE-2023-53131 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up. | ||
| CVE-2023-53125 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network | ||
| CVE-2023-53124 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may | ||
| CVE-2023-53123 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device | ||
| CVE-2023-53119 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases in | ||
| CVE-2023-53118 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_a | ||
| CVE-2023-53117 | — | < 5.14.21-150400.15.127.1 | 5.14.21-150400.15.127.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 | ||
| CVE-2023-53116 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request passed as argument. Such implementation potentially could result in a use after | ||
| CVE-2023-53114 | — | < 5.14.21-150400.15.121.1 | 5.14.21-150400.15.121.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of probe function |
- CVE-2025-37932May 20, 2025affected < 5.14.21-150400.15.124.1fixed 5.14.21-150400.15.124.1
In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly t
- CVE-2025-37890May 16, 2025affected < 5.14.21-150400.15.124.1fixed 5.14.21-150400.15.124.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class with netem as child qdisc As described in Gerrard's report [1], we have a UAF case when an hfsc class has a netem child qdisc. The crux of the issue is that hfs
- affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
Exposure of Sensitive Information in Shared Microarchitectural Structures during Transient Execution for some Intel(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-53145May 10, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btsdio: fix use after free bug in btsdio_remove due to race condition In btsdio_probe, the data->work is bound with btsdio_work. It will be started in btsdio_send_frame. If the btsdio_remove runs wi
- CVE-2025-37885May 9, 2025affected < 5.14.21-150400.15.133.1fixed 5.14.21-150400.15.133.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Reset IRTE to host control if *new* route isn't postable Restore an IRTE back to host control (remapped or posted MSI mode) if the *new* GSI route prevents posting the IRQ directly to a vCPU, regardle
- CVE-2025-37823May 8, 2025affected < 5.14.21-150400.15.124.1fixed 5.14.21-150400.15.124.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a potential UAF in hfsc_dequeue() too Similarly to the previous patch, we need to safe guard hfsc_dequeue() too. But for this one, we don't have a reliable reproducer.
- CVE-2023-53143May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix another off-by-one fsmap error on 1k block filesystems Apparently syzbot figured out that issuing this FSMAP call: struct fsmap_head cmd = { .fmh_count = ...; .fmh_keys = { { .fmr_device = /* ext
- CVE-2023-53142May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: ice: copy last block omitted in ice_get_module_eeprom() ice_get_module_eeprom() is broken since commit e9c9692c8a81 ("ice: Reimplement module reads used by ethtool") In this refactor, ice_get_module_eeprom() re
- CVE-2023-53140May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Remove the /proc/scsi/${proc_name} directory earlier Remove the /proc/scsi/${proc_name} directory earlier to fix a race condition between unloading and reloading kernel modules. This fixes a bug int
- CVE-2023-53139May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: add null check of devm_kmalloc_array in fdp_nci_i2c_read_device_properties devm_kmalloc_array may fails, *fw_vsc_cfg might be null and cause out-of-bounds write in device_property_read_u8_array later.
- CVE-2023-53134May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Avoid order-5 memory allocation for TPA data The driver needs to keep track of all the possible concurrent TPA (GRO/LRO) completions on the aggregation ring. On P5 chips, the maximum number of concurr
- CVE-2023-53131May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a server shutdown leak Fix a race where kthread_stop() may prevent the threadfn from ever getting called. If that happens the svc_rqst will not be cleaned up.
- CVE-2023-53125May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Limit packet length to skb->len Packet length retrieved from skb data may be larger than the actual socket buffer length (up to 9026 bytes). In such case the cloned skb passed up the network
- CVE-2023-53124May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix NULL pointer access in mpt3sas_transport_port_add() Port is allocated by sas_port_alloc_num() and rphy is allocated by either sas_end_device_alloc() or sas_expander_alloc(), all of which may
- CVE-2023-53123May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: PCI: s390: Fix use-after-free of PCI resources with per-function hotplug On s390 PCI functions may be hotplugged individually even when they belong to a multi-function device. In particular on an SR-IOV device
- CVE-2023-53119May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: initialize struct pn533_out_arg properly struct pn533_out_arg used as a temporary context for out_urb is not initialized properly. Its uninitialized 'phy' field can be dereferenced in error cases in
- CVE-2023-53118May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix a procfs host directory removal regression scsi_proc_hostdir_rm() decreases a reference counter and hence must only be called once per host that is removed. This change does not require a scsi_a
- CVE-2023-53117May 2, 2025affected < 5.14.21-150400.15.127.1fixed 5.14.21-150400.15.127.1
In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369
- CVE-2023-53116May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: avoid potential UAF in nvmet_req_complete() An nvme target ->queue_response() operation implementation may free the request passed as argument. Such implementation potentially could result in a use after
- CVE-2023-53114May 2, 2025affected < 5.14.21-150400.15.121.1fixed 5.14.21-150400.15.121.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix kernel crash during reboot when adapter is in recovery mode If the driver detects during probe that firmware is in recovery mode then i40e_init_recovery_mode() is called and the rest of probe function
Page 55 of 150