VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (1,794)

  • CVE-2025-38391Jul 25, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value

  • CVE-2025-38386Jul 25, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused

  • CVE-2025-38375Jul 25, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: virtio-net: ensure the received length does not exceed allocated size In xdp_linearize_page, when reading the following buffers from the ring, we forget to check the received length with the true allocate size.

  • CVE-2025-38352KEVJul 22, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: posix-cpu-timers: fix race between handle_posix_cpu_timers() and posix_cpu_timer_del() If an exiting non-autoreaping task has already passed exit_notify() and calls handle_posix_cpu_timers() from IRQ, it can be

  • CVE-2025-38350HigJul 19, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thu

  • CVE-2025-38312MedJul 10, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: core: fbcvt: avoid division by 0 in fb_cvt_hperiod() In fb_find_mode_cvt(), iff mode->refresh somehow happens to be 0x80000000, cvt.f_refresh will become 0 when multiplying it by 2 due to overflow. It's

  • CVE-2025-38337Jul 10, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: jbd2: fix data-race and null-ptr-deref in jbd2_journal_dirty_metadata() Since handle->h_transaction may be a NULL pointer, so we should change it to call is_handle_aborted(handle) first before dereferencing it.

  • CVE-2025-38336Jul 10, 2025
    affected < 4.12.14-122.290.1fixed 4.12.14-122.290.1

    In the Linux kernel, the following vulnerability has been resolved: ata: pata_via: Force PIO for ATAPI devices on VT6415/VT6330 The controller has a hardware bug that can hard hang the system when doing ATAPI DMAs without any trace of what happened. Depending on the device atta

  • CVE-2025-38323Jul 10, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: net: atm: add lec_mutex syzbot found its way in net/atm/lec.c, and found an error path in lecd_attach() could leave a dangling pointer in dev_lec[]. Add a mutex to protect dev_lecp[] uses from lecd_attach(), l

  • CVE-2025-38319Jul 10, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pp: Fix potential NULL pointer dereference in atomctrl_initialize_mc_reg_table The function atomctrl_initialize_mc_reg_table() and atomctrl_initialize_mc_reg_table_v2_2() does not check the return value

  • CVE-2025-38313Jul 10, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: bus: fsl-mc: fix double-free on mc_dev The blamed commit tried to simplify how the deallocations are done but, in the process, introduced a double-free on the mc_dev variable. In case the MC device is a DPRC,

  • CVE-2025-38264Jul 9, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: sanitize request list handling Validate the request in nvme_tcp_handle_r2t() to ensure it's not part of any list, otherwise a malicious R2T PDU might inject a loop in request list processing.

  • CVE-2025-38263Jul 9, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: bcache: fix NULL pointer in cache_set_flush() 1. LINE#1794 - LINE#1887 is some codes about function of bch_cache_set_alloc(). 2. LINE#2078 - LINE#2142 is some codes about function of register_cache_set().

  • CVE-2025-38250Jul 9, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix use-after-free in vhci_flush() syzbot reported use-after-free in vhci_flush() without repro. [0] From the splat, a thread close()d a vhci file descriptor while its device was being use

  • CVE-2025-38249Jul 9, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix out-of-bounds read in snd_usb_get_audioformat_uac3() In snd_usb_get_audioformat_uac3(), the length value returned from snd_usb_ctl_msg() is used directly for memory allocation without valid

  • CVE-2025-38245Jul 9, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: atm: Release atm_dev_mutex after removing procfs in atm_dev_deregister(). syzbot reported a warning below during atm_dev_register(). [0] Before creating a new device and procfs/sysfs for it, atm_dev_register()

  • CVE-2025-38222MedJul 4, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: inline: fix len overflow in ext4_prepare_inline_data When running the following code on an ext4 filesystem with inline_data feature enabled, it will lead to the bug below. fd = open("file1", O_RD

  • CVE-2025-38214MedJul 4, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix fb_set_var to prevent null-ptr-deref in fb_videomode_to_var If fb_add_videomode() in fb_set_var() fails to allocate memory for fb_videomode, later it may lead to a null-ptr dereference in fb_videomod

  • CVE-2025-38212HigJul 4, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: ipc: fix to protect IPCS lookups using RCU syzbot reported that it discovered a use-after-free vulnerability, [0] [0]: https://lore.kernel.org/all/67af13f8.050a0220.21dd3.0038.GAE@google.com/ idr_for_each() i

  • CVE-2025-38198HigJul 4, 2025
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: fbcon: Make sure modelist not set on unregistered console It looks like attempting to write to the "store_modes" sysfs node will run afoul of unregistered consoles: UBSAN: array-index-out-of-bounds in drivers/

Page 35 of 90