rpm package
suse/kernel-rt&distro=SUSE Real Time Module 15 SP7
pkg:rpm/suse/kernel-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7
Vulnerabilities (2,100)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-23063 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop | ||
| CVE-2026-23062 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used '<=' inste | ||
| CVE-2026-23061 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In kvaser_usb_set_{ | ||
| CVE-2026-23060 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Feb 4, 2026 | In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt() | ||
| CVE-2026-23038 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the alread | ||
| CVE-2026-23037 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x | ||
| CVE-2026-23035 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will w | ||
| CVE-2026-23033 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resour | ||
| CVE-2026-23030 | — | < 6.4.0-150700.7.37.2 | 6.4.0-150700.7.37.2 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with | ||
| CVE-2026-23026 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue | ||
| CVE-2025-71191 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 383 | ||
| CVE-2025-71190 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind. | ||
| CVE-2025-71189 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures. | ||
| CVE-2025-71188 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a devi | ||
| CVE-2025-71185 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation. | ||
| CVE-2026-23023 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported by kmemleak: unreferenced object 0xff450acac838a000 (size 4096): comm | ||
| CVE-2026-23021 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources. | ||
| CVE-2026-23017 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset will | ||
| CVE-2025-71184 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root | ||
| CVE-2025-71182 | — | < 6.4.0-150700.7.34.1 | 6.4.0-150700.7.34.1 | Jan 31, 2026 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b589 |
- CVE-2026-23063Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: uacce: ensure safe queue release with state management Directly calling `put_queue` carries risks since it cannot guarantee that resources of `uacce_queue` have been fully released beforehand. So adding a `stop
- CVE-2026-23062Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: hp-bioscfg: Fix kernel panic in GET_INSTANCE_ID macro The GET_INSTANCE_ID macro that caused a kernel panic when accessing sysfs attributes: 1. Off-by-one error: The loop condition used '<=' inste
- CVE-2026-23061Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: can: kvaser_usb: kvaser_usb_read_bulk_callback(): fix URB memory leak Fix similar memory leak as in commit 7352e1d5932a ("can: gs_usb: gs_usb_receive_bulk_callback(): fix URB memory leak"). In kvaser_usb_set_{
- CVE-2026-23060Feb 4, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN spec authencesn assumes an ESP/ESN-formatted AAD. When assoclen is shorter than the minimum expected length, crypto_authenc_esn_decrypt()
- CVE-2026-23038Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: pnfs/flexfiles: Fix memory leak in nfs4_ff_alloc_deviceid_node() In nfs4_ff_alloc_deviceid_node(), if the allocation for ds_versions fails, the function jumps to the out_scratch label without freeing the alread
- CVE-2026-23037Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: allow partial RX URB allocation to succeed When es58x_alloc_rx_urbs() fails to allocate the requested number of URBs but succeeds in allocating some, it returns an error code. This causes es58x
- CVE-2026-23035Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Pass netdev to mlx5e_destroy_netdev instead of priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails. Pass netdev to mlx5e_destroy_netdev() to guarantee it will w
- CVE-2026-23033Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: omap-dma: fix dma_pool resource leak in error paths The dma_pool created by dma_pool_create() is not destroyed when dma_async_device_register() or of_dma_controller_register() fails, causing a resour
- CVE-2026-23030Jan 31, 2026affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: phy: rockchip: inno-usb2: Fix a double free bug in rockchip_usb2phy_probe() The for_each_available_child_of_node() calls of_node_put() to release child_np in each success loop. After breaking from the loop with
- CVE-2026-23026Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: gpi: Fix memory leak in gpi_peripheral_config() Fix a memory leak in gpi_peripheral_config() where the original memory pointed to by gchan->config could be lost if krealloc() fails. The issue
- CVE-2025-71191Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: at_hdmac: fix device leak on of_dma_xlate() Make sure to drop the reference taken when looking up the DMA platform device during of_dma_xlate() when releasing channel resources. Note that commit 383
- CVE-2025-71190Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: bcm-sba-raid: fix device leak on probe Make sure to drop the reference taken when looking up the mailbox device during probe on probe failures and on driver unbind.
- CVE-2025-71189Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: dw: dmamux: fix OF node leak on route allocation failure Make sure to drop the reference taken to the DMA master OF node also on late route allocation failures.
- CVE-2025-71188Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: lpc18xx-dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a devi
- CVE-2025-71185Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: dma-crossbar: fix device leak on am335x route allocation Make sure to drop the reference taken when looking up the crossbar platform device during am335x route allocation.
- CVE-2026-23023Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leak in idpf_vport_rel() Free vport->rx_ptype_lkup in idpf_vport_rel() to avoid leaking memory during a reset. Reported by kmemleak: unreferenced object 0xff450acac838a000 (size 4096): comm
- CVE-2026-23021Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: pegasus: fix memory leak in update_eth_regs_async() When asynchronously writing to the device registers and if usb_submit_urb() fail, the code fail to release allocated to this point resources.
- CVE-2026-23017Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: idpf: fix error handling in the init_task on load If the init_task fails during a driver load, we end up without vports and netdevs, effectively failing the entire process. In that state a subsequent reset will
- CVE-2025-71184Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When evicting an inode the first thing we do is to setup tracing for it, which implies fetching the root's id. But in btrfs_evict_inode() the root
- CVE-2025-71182Jan 31, 2026affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: make j1939_session_activate() fail if device is no longer registered syzbot is still reporting unregister_netdevice: waiting for vcan0 to become free. Usage count = 2 even after commit 93a27b589
Page 8 of 105