rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
Vulnerabilities (2,365)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-37812 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT t | |
| CVE-2025-37811 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the | |
| CVE-2025-37810 | Hig | 7.8 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event bu | |
| CVE-2025-37809 | Med | 5.5 | < 6.4.0-150700.53.3.1 | 6.4.0-150700.53.3.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue. | |
| CVE-2025-37805 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... [ 8.713282][ | |
| CVE-2025-37803 | Hig | 7.8 | < 6.4.0-150700.53.3.1 | 6.4.0-150700.53.3.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit. | |
| CVE-2025-37801 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NU | |
| CVE-2025-37800 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 8, 2025 | In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver fro | |
| CVE-2024-58237 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packe | |
| CVE-2024-58100 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt | |
| CVE-2024-58098 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 5, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program: | |
| CVE-2025-37799 | Med | 5.5 | < 6.4.0-150700.53.3.1 | 6.4.0-150700.53.3.1 | May 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivi | |
| CVE-2025-37798 | Hig | 7.8 | < 6.4.0-150700.53.3.1 | 6.4.0-150700.53.3.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdi | |
| CVE-2025-37797 | Hig | 7.8 | < 6.4.0-150700.53.3.1 | 6.4.0-150700.53.3.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc | |
| CVE-2025-37796 | Hig | 7.8 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field | |
| CVE-2025-37794 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Purge vif txq in ieee80211_do_stop() After ieee80211_do_stop() SKB from vif's txq could still be processed. Indeed another concurrent vif schedule_and_wake_txq call could cause those packets to | |
| CVE-2025-37793 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, avs_component_probe() does not check for this case, which results in a NULL p | |
| CVE-2025-37792 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file th | |
| CVE-2025-37791 | Med | 5.5 | < 6.4.0-150700.53.6.1 | 6.4.0-150700.53.6.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. Using the | |
| CVE-2025-37790 | Med | 5.5 | < 6.4.0-150700.53.3.1 | 6.4.0-150700.53.3.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup. |
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: usb: cdns3: Fix deadlock when using NCM gadget The cdns3 driver has the same NCM deadlock as fixed in cdnsp by commit 58f2fcb3a845 ("usb: cdnsp: Fix deadlock issue during using NCM gadget"). Under PREEMPT_RT t
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: fix usbmisc handling usbmisc is an optional device property so it is totally valid for the corresponding data->usbmisc_data to have a NULL value. Check that before dereferencing the
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: check that event count does not exceed event buffer length The event count is read from register DWC3_GEVNTCOUNT. There is a check for the count being zero, but not for exceeding the event bu
- affected < 6.4.0-150700.53.3.1fixed 6.4.0-150700.53.3.1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: class: Fix NULL pointer access Concurrent calls to typec_partner_unlink_device can lead to a NULL pointer dereference. This patch adds a mutex to protect USB device pointers and prevent this issue.
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: sound/virtio: Fix cancel_sync warnings on uninitialized work_structs Betty reported hitting the following warning: [ 8.709131][ T221] WARNING: CPU: 2 PID: 221 at kernel/workqueue.c:4182 ... [ 8.713282][
- affected < 6.4.0-150700.53.3.1fixed 6.4.0-150700.53.3.1
In the Linux kernel, the following vulnerability has been resolved: udmabuf: fix a buf size overflow issue during udmabuf creation by casting size_limit_mb to u64 when calculate pglimit.
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NU
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: driver core: fix potential NULL pointer dereference in dev_uevent() If userspace reads "uevent" device attribute at the same time as another threads unbinds the device from its driver, change to dev->driver fro
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: consider that tail calls invalidate packet pointers Tail-called programs could execute any of the helpers that invalidate packet pointers. Hence, conservatively assume that each tail call invalidates packe
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: check changes_pkt_data property for extension programs When processing calls to global sub-programs, verifier decides whether to invalidate all packet pointers in current state depending on the changes_pkt
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: bpf: track changes_pkt_data property for global functions When processing calls to certain helpers, verifier invalidates all packet pointers in a current state. For example, consider the following program:
- affected < 6.4.0-150700.53.3.1fixed 6.4.0-150700.53.3.1
In the Linux kernel, the following vulnerability has been resolved: vmxnet3: Fix malformed packet sizing in vmxnet3_process_xdp vmxnet3 driver's XDP handling is buggy for packet sizes using ring0 (that is, packet sizes between 128 - 3k bytes). We noticed MTU-related connectivi
- affected < 6.4.0-150700.53.3.1fixed 6.4.0-150700.53.3.1
In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdi
- affected < 6.4.0-150700.53.3.1fixed 6.4.0-150700.53.3.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: at76c50x: fix use after free access in at76_disconnect The memory pointed to by priv is freed at the end of at76_delete_device function (using ieee80211_free_hw). But the code then accesses the udev field
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Purge vif txq in ieee80211_do_stop() After ieee80211_do_stop() SKB from vif's txq could still be processed. Indeed another concurrent vif schedule_and_wake_txq call could cause those packets to
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: avs: Fix null-ptr-deref in avs_component_probe() devm_kasprintf() returns NULL when memory allocation fails. Currently, avs_component_probe() does not check for this case, which results in a NULL p
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btrtl: Prevent potential NULL dereference The btrtl_initialize() function checks that rtl_load_file() either had an error or it loaded a zero length file. However, if it loaded a zero length file th
- affected < 6.4.0-150700.53.6.1fixed 6.4.0-150700.53.6.1
In the Linux kernel, the following vulnerability has been resolved: ethtool: cmis_cdb: use correct rpl size in ethtool_cmis_module_poll() rpl is passed as a pointer to ethtool_cmis_module_poll(), so the correct size of rpl is sizeof(*rpl) which should be just 1 byte. Using the
- affected < 6.4.0-150700.53.3.1fixed 6.4.0-150700.53.3.1
In the Linux kernel, the following vulnerability has been resolved: net: mctp: Set SOCK_RCU_FREE Bind lookup runs under RCU, so ensure that a socket doesn't go away in the middle of a lookup.
Page 97 of 119