rpm package
suse/kernel-rt&distro=SUSE Real Time Module 15 SP7
pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7
Vulnerabilities (2,202)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23386 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to | |
| CVE-2026-23381 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which in | |
| CVE-2026-23379 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, th | |
| CVE-2026-23361 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write trans | |
| CVE-2026-23359 | Hig | 7.8 | < 6.4.0-150700.7.59.2 | 6.4.0-150700.7.59.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of | |
| CVE-2026-23327 | Hig | 7.1 | < 6.4.0-150700.7.59.2 | 6.4.0-150700.7.59.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() cxl_payload_from_user_allowed() casts and dereferences the input payload without first verifying its size. When a raw | |
| CVE-2026-23319 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcount of 'shim_link->link.link' to zero, the resource is considered released but may | |
| CVE-2026-23317 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that r | |
| CVE-2026-23303 | Med | 5.5 | < 6.4.0-150700.7.59.2 | 6.4.0-150700.7.59.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log | |
| CVE-2026-23293 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which ini | |
| CVE-2026-23292 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This | |
| CVE-2026-23281 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 25, 2026 | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) for both command_timer and tx_lockup_timer before the structure is freed. This is i | |
| CVE-2026-23278 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 20, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part o | |
| CVE-2026-23277 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 20, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the sl | |
| CVE-2026-23274 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 20, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revisio | |
| CVE-2026-23272 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 20, 2026 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be | |
| CVE-2026-23270 | Hig | 7.8 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b | |
| CVE-2026-23269 | Hig | 7.1 | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will acce | |
| CVE-2026-23268 | Hig | 7.8 | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by | |
| CVE-2026-23259 | Med | 5.5 | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Mar 18, 2026 | In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end |
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which in
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, th
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write trans
- affected < 6.4.0-150700.7.59.2fixed 6.4.0-150700.7.59.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix stack-out-of-bounds write in devmap get_upper_ifindexes() iterates over all upper devices and writes their indices into an array without checking bounds. Also the callers assume that the max number of
- affected < 6.4.0-150700.7.59.2fixed 6.4.0-150700.7.59.2
In the Linux kernel, the following vulnerability has been resolved: cxl/mbox: validate payload size before accessing contents in cxl_payload_from_user_allowed() cxl_payload_from_user_allowed() casts and dereferences the input payload without first verifying its size. When a raw
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcount of 'shim_link->link.link' to zero, the resource is considered released but may
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that r
- affected < 6.4.0-150700.7.59.2fixed 6.4.0-150700.7.59.2
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which ini
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) for both command_timer and tx_lockup_timer before the structure is freed. This is i
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part o
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the sl
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revisio
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b
- affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will acce
- affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by
- affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: io_uring/rw: free potentially allocated iovec on cache put failure If a read/write request goes through io_req_rw_cleanup() and has an allocated iovec attached and fails to put to the rw_cache, then it may end
Page 6 of 111