rpm package
suse/kernel-rt&distro=SUSE Real Time Module 15 SP7
pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7
Vulnerabilities (2,100)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23058 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In ems_usb_open(), the UR | ||
| CVE-2026-23057 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare tail room) is followed by a small skb (length limited by GOOD_COPY_LEN = 128), an | ||
| CVE-2026-23056 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uacce_vm_ops to return -EPERM The current uacce_vm_ops does not support the mremap operation of vm_operations_struct. Implement .mremap to return -EPERM to remind users. The reason w | ||
| CVE-2026-23054 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() do | ||
| CVE-2026-23053 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The | ||
| CVE-2026-23049 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 panel is missing and devm_drm_panel_bridge_add() requires connector type to be set. | ||
| CVE-2025-71199 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq). If we re | ||
| CVE-2025-71198 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL event_spec field, indicating support for IIO events. However, | ||
| CVE-2025-71197 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not acc | ||
| CVE-2025-71196 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one elemen | ||
| CVE-2025-71195 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap | ||
| CVE-2025-71194 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type When wait_current_trans() is called during start_transaction(), it currently waits for a blocked transaction without considering wheth | ||
| CVE-2026-23047 | — | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determin | ||
| CVE-2025-71192 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fai | ||
| CVE-2026-23108 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> u | ||
| CVE-2026-23107 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME. Consequently, restoring a ZA context can p | ||
| CVE-2026-23104 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ic | ||
| CVE-2026-23102 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read fr | ||
| CVE-2026-23101 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_init_core() gets called adding it the list before led_classdev.set_brightness_work | ||
| CVE-2026-23099 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inl |
- CVE-2026-23058Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: can: ems_usb: ems_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In ems_usb_open(), the UR
- CVE-2026-23057Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Coalesce only linear skb vsock/virtio common tries to coalesce buffers in rx queue: if a linear skb (with a spare tail room) is followed by a small skb (length limited by GOOD_COPY_LEN = 128), an
- CVE-2026-23056Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: uacce: implement mremap in uacce_vm_ops to return -EPERM The current uacce_vm_ops does not support the mremap operation of vm_operations_struct. Implement .mremap to return -EPERM to remind users. The reason w
- CVE-2026-23054Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection table RSS configuration requires a valid RX indirection table. When the device reports a single receive queue, rndis_filter_device_add() do
- CVE-2026-23053Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a deadlock involving nfs_release_folio() Wang Zhaolong reports a deadlock involving NFSv4.1 state recovery waiting on kthreadd, which is attempting to reclaim memory by calling nfs_release_folio(). The
- CVE-2026-23049Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: drm/panel-simple: fix connector type for DataImage SCF0700C48GGU18 panel The connector type for the DataImage SCF0700C48GGU18 panel is missing and devm_drm_panel_bridge_add() requires connector type to be set.
- CVE-2025-71199Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: at91-sama5d2_adc: Fix potential use-after-free in sama5d2_adc driver at91_adc_interrupt can call at91_adc_touch_data_handler function to start the work by schedule_work(&st->touch_st.workq). If we re
- CVE-2025-71198Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: iio: imu: st_lsm6dsx: fix iio_chan_spec for sensors without event detection The st_lsm6dsx_acc_channels array of struct iio_chan_spec has a non-NULL event_spec field, indicating support for IIO events. However,
- CVE-2025-71197Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: w1: therm: Fix off-by-one buffer overflow in alarms_store The sysfs buffer passed to alarms_store() is allocated with 'size + 1' bytes and a NUL terminator is appended. However, the 'size' argument does not acc
- CVE-2025-71196Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: phy: stm32-usphyc: Fix off by one in probe() The "index" variable is used as an index into the usbphyc->phys[] array which has usbphyc->nphys elements. So if it is equal to usbphyc->nphys then it is one elemen
- CVE-2025-71195Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: xilinx: xdma: Fix regmap max_register The max_register field is assigned the size of the register memory region instead of the offset of the last register. The result is that reading from the regmap
- CVE-2025-71194Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction type When wait_current_trans() is called during start_transaction(), it currently waits for a blocked transaction without considering wheth
- CVE-2026-23047Feb 4, 2026affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: libceph: make calc_target() set t->paused, not just clear it Currently calc_target() clears t->paused if the request shouldn't be paused anymore, but doesn't ever set t->paused even though it's able to determin
- CVE-2025-71192Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: ac97: fix a double free in snd_ac97_controller_register() If ac97_add_adapter() fails, put_device() is the correct way to drop the device reference. kfree() is not required. Add kfree() if idr_alloc() fai
- CVE-2026-23108Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: can: usb_8dev: usb_8dev_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In usb_8dev_open() -> u
- CVE-2026-23107Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Allocate SSVE storage when restoring ZA The code to restore a ZA context doesn't attempt to allocate the task's sve_state before setting TIF_SME. Consequently, restoring a ZA context can p
- CVE-2026-23104Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: ice: fix devlink reload call trace Commit 4da71a77fc3b ("ice: read internal temperature sensor") introduced internal temperature sensor reading via HWMON. ice_hwmon_init() was added to ice_init_feature() and ic
- CVE-2026-23102Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: arm64/fpsimd: signal: Fix restoration of SVE context When SME is supported, Restoring SVE signal context can go wrong in a few ways, including placing the task into an invalid state where the kernel may read fr
- CVE-2026-23101Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: leds: led-class: Only Add LED to leds_list when it is fully ready Before this change the LED was added to leds_list before led_init_core() gets called adding it the list before led_classdev.set_brightness_work
- CVE-2026-23099Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD makes sense for ARPHRD_ETHER only. syzbot reported: BUG: KASAN: global-out-of-bounds in __hw_addr_create net/core/dev_addr_lists.c:63 [inl
Page 6 of 105