rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE
Vulnerabilities (253)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38713 | Hig | 7.1 | < 3.0.101-108.192.1 | 3.0.101-108.192.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] ================================================= | |
| CVE-2025-38685 | Hig | 7.8 | < 3.0.101-108.192.1 | 3.0.101-108.192.1 | Sep 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console | |
| CVE-2025-38617 | — | < 3.0.101-108.192.1 | 3.0.101-108.192.1 | Aug 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a | ||
| CVE-2025-38498 | Med | 5.5 | < 3.0.101-108.192.1 | 3.0.101-108.192.1 | Jul 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w | |
| CVE-2025-38352 | — | KEV | < 3.0.101-108.192.1 | 3.0.101-108.192.1 | Jul 22, 2025 | In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be | |
| CVE-2025-38200 | — | < 3.0.101-108.189.1 | 3.0.101-108.189.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde | ||
| CVE-2025-38177 | — | < 3.0.101-108.201.1 | 3.0.101-108.201.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() ca | ||
| CVE-2022-50211 | — | < 3.0.101-108.189.1 | 3.0.101-108.189.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: sl | ||
| CVE-2022-50200 | — | < 3.0.101-108.186.1 | 3.0.101-108.186.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access. | ||
| CVE-2022-50116 | — | < 3.0.101-108.192.1 | 3.0.101-108.192.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. T | ||
| CVE-2022-50067 | — | < 3.0.101-108.186.1 | 3.0.101-108.186.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Then btrfs_relocate_block_group() calls relocate_block_group() prepare_t | ||
| CVE-2022-49937 | — | < 3.0.101-108.186.1 | 3.0.101-108.186.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pi | ||
| CVE-2025-38079 | Hig | 7.8 | < 3.0.101-108.189.1 | 3.0.101-108.189.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea | |
| CVE-2023-53117 | — | < 3.0.101-108.189.1 | 3.0.101-108.189.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369 | ||
| CVE-2025-22004 | — | < 3.0.101-108.183.1 | 3.0.101-108.183.1 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. | ||
| CVE-2025-21971 | — | < 3.0.101-108.189.1 | 3.0.101-108.189.1 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe | ||
| CVE-2023-53032 | — | < 3.0.101-108.186.1 | 3.0.101-108.186.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1) | ||
| CVE-2023-53000 | — | < 3.0.101-108.183.1 | 3.0.101-108.183.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype) | ||
| CVE-2023-52974 | — | < 3.0.101-108.183.1 | 3.0.101-108.183.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we th | ||
| CVE-2023-52973 | — | < 3.0.101-108.183.1 | 3.0.101-108.183.1 | Mar 27, 2025 | In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_data struct can be freed by vc_deallocate(). Because of that, the struct vc_data p |
- affected < 3.0.101-108.192.1fixed 3.0.101-108.192.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] =================================================
- affected < 3.0.101-108.192.1fixed 3.0.101-108.192.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console
- CVE-2025-38617Aug 22, 2025affected < 3.0.101-108.192.1fixed 3.0.101-108.192.1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix a race in packet_set_ring() and packet_notifier() When packet_set_ring() releases po->bind_lock, another thread can run packet_notifier() and process an NETDEV_UP event. This race and the fix a
- affected < 3.0.101-108.192.1fixed 3.0.101-108.192.1
In the Linux kernel, the following vulnerability has been resolved: do_change_type(): refuse to operate on unmounted/not ours mounts Ensure that propagation settings can only be changed for mounts located in the caller's mount namespace. This change aligns permission checking w
- affected < 3.0.101-108.192.1fixed 3.0.101-108.192.1
In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be
- CVE-2025-38200Jul 4, 2025affected < 3.0.101-108.189.1fixed 3.0.101-108.189.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
- CVE-2025-38177Jul 4, 2025affected < 3.0.101-108.201.1fixed 3.0.101-108.201.1
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() ca
- CVE-2022-50211Jun 18, 2025affected < 3.0.101-108.189.1fixed 3.0.101-108.189.1
In the Linux kernel, the following vulnerability has been resolved: md-raid10: fix KASAN warning There's a KASAN warning in raid10_remove_disk when running the lvm test lvconvert-raid-reshape.sh. We fix this warning by verifying that the value "number" is valid. BUG: KASAN: sl
- CVE-2022-50200Jun 18, 2025affected < 3.0.101-108.186.1fixed 3.0.101-108.186.1
In the Linux kernel, the following vulnerability has been resolved: selinux: Add boundary check in put_entry() Just like next_entry(), boundary check is necessary to prevent memory out-of-bound access.
- CVE-2022-50116Jun 18, 2025affected < 3.0.101-108.192.1fixed 3.0.101-108.192.1
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix deadlock and link starvation in outgoing data path The current implementation queues up new control and user packets as needed and processes this queue down to the ldisc in the same code path. T
- CVE-2022-50067Jun 18, 2025affected < 3.0.101-108.186.1fixed 3.0.101-108.186.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: unset reloc control if transaction commit fails in prepare_to_relocate() In btrfs_relocate_block_group(), the rc is allocated. Then btrfs_relocate_block_group() calls relocate_block_group() prepare_t
- CVE-2022-49937Jun 18, 2025affected < 3.0.101-108.186.1fixed 3.0.101-108.186.1
In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pi
- affected < 3.0.101-108.189.1fixed 3.0.101-108.189.1
In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea
- CVE-2023-53117May 2, 2025affected < 3.0.101-108.189.1fixed 3.0.101-108.189.1
In the Linux kernel, the following vulnerability has been resolved: fs: prevent out-of-bounds array speculation when closing a file descriptor Google-Bug-Id: 114199369
- CVE-2025-22004Apr 3, 2025affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
- CVE-2025-21971Apr 1, 2025affected < 3.0.101-108.189.1fixed 3.0.101-108.189.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe
- CVE-2023-53032Mar 27, 2025affected < 3.0.101-108.186.1fixed 3.0.101-108.186.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: Fix overflow before widen in the bitmap_ip_create() function. When first_ip is 0, last_ip is 0xFFFFFFFF, and netmask is 31, the value of an arithmetic expression 2 << (netmask - mask_bits - 1)
- CVE-2023-53000Mar 27, 2025affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1
In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype)
- CVE-2023-52974Mar 27, 2025affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during iscsi_sw_tcp_session_create() iscsi_tcp_r2tpool_alloc() fails, userspace could be accessing the host's ipaddress attr. If we th
- CVE-2023-52973Mar 27, 2025affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1
In the Linux kernel, the following vulnerability has been resolved: vc_screen: move load of struct vc_data pointer in vcs_read() to avoid UAF After a call to console_unlock() in vcs_read() the vc_data struct can be freed by vc_deallocate(). Because of that, the struct vc_data p
Page 2 of 13