suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4

Vulnerabilities (2,830)

• CVE-2025-40019Oct 24, 2025
  affected < 5.14.21-150400.24.194.1fixed 5.14.21-150400.24.194.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: essiv - Check ssize for decryption and in-place encryption Move the ssize check to the start in essiv_aead_crypt so that it's also checked for decryption and in-place encryption.

• CVE-2025-40018Oct 24, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: ipvs: Defer ip_vs_ftp unregister during netns cleanup On the netns cleanup path, __ip_vs_ftp_exit() may unregister ip_vs_ftp before connections with valid cp->app pointers are flushed, leading to a use-after-fr

• CVE-2023-53730Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: blk-iocost: use spin_lock_irqsave in adjust_inuse_and_calc_cost adjust_inuse_and_calc_cost() use spin_lock_irq() and IRQ will be enabled when unlock. DEADLOCK might happen if we have held other locks and disabl

• CVE-2023-53726Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: arm64: csum: Fix OoB access in IP checksum code for negative lengths Although commit c2c24edb1d9c ("arm64: csum: Fix pathological zero-length calls") added an early return for zero-length input, syzkaller has p

• CVE-2023-53725Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: clocksource/drivers/cadence-ttc: Fix memory leak in ttc_timer_probe Smatch reports: drivers/clocksource/timer-cadence-ttc.c:529 ttc_timer_probe() warn: 'timer_baseaddr' from of_iomap() not released on lines: 49

• CVE-2023-53724Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: mfd: pcf50633-adc: Fix potential memleak in pcf50633_adc_async_read() `req` is allocated in pcf50633_adc_async_read(), but adc_enqueue_request() could fail to insert the `req` into queue. We need to check the r

• CVE-2023-53723Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: disable sdma ecc irq only when sdma RAS is enabled in suspend sdma_v4_0_ip is shared on a few asics, but in sdma_v4_0_hw_fini, driver unconditionally disables ecc_irq which is only enabled on those

• CVE-2023-53722Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: md: raid1: fix potential OOB in raid1_remove_disk() If rddev->raid_disk is greater than mddev->raid_disks, there will be an out-of-bounds in raid1_remove_disk(). We have already found similar reports as follows

• CVE-2023-53719Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: serial: arc_uart: fix of_iomap leak in `arc_serial_probe` Smatch reports: drivers/tty/serial/arc_uart.c:631 arc_serial_probe() warn: 'port->membase' from of_iomap() not released on lines: 631. In arc_serial_p

• CVE-2023-53718Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Do not swap cpu_buffer during resize process When ring_buffer_swap_cpu was called during resize process, the cpu buffer was swapped in the middle, resulting in incorrect state. Continuing to run in

• CVE-2023-53717Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wm

• CVE-2023-53715Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: cfg80211: Pass the PMK in binary instead of hex Apparently the hex passphrase mechanism does not work on newer chips/firmware (e.g. BCM4387). It seems there was a simple way of passing it in bin

• CVE-2023-53711Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential data corruption We must ensure that the subrequests are joined back into the head before we can retransmit a request. If the head was not on the commit lists, because the server wrote it sy

• CVE-2023-53709Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Handle race between rb_move_tail and rb_check_pages It seems a data race between ring_buffer writing and integrity check. That is, RB_FLAG of head_page is been updating, while at same time RB_FLAG

• CVE-2023-53708Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: ACPI: x86: s2idle: Catch multiple ACPI_TYPE_PACKAGE objects If a badly constructed firmware includes multiple `ACPI_TYPE_PACKAGE` objects while evaluating the AMD LPS0 _DSM, there will be a memory leak. Explic

• CVE-2023-53705Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix out-of-bounds access in ipv6_find_tlv() optlen is fetched without checking whether there is more than one byte to parse. It can lead to out-of-bounds access. Found by InfoTeCS on behalf of Linux Veri

• CVE-2023-53704Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: clk: imx: clk-imx8mp: improve error handling in imx8mp_clocks_probe() Replace of_iomap() and kzalloc() with devm_of_iomap() and devm_kzalloc() which can automatically release the related memory when the device

• CVE-2023-53700Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: media: max9286: Fix memleak in max9286_v4l2_register() There is a kmemleak when testing the media/i2c/max9286.c with bpf mock device: kmemleak: 5 new suspected memory leaks (see /sys/kernel/debug/kmemleak) un

• CVE-2023-53696Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in qla2x00_probe_one() There is a memory leak reported by kmemleak: unreferenced object 0xffffc900003f0000 (size 12288): comm "modprobe", pid 19117, jiffies 4299751452 (age

• CVE-2023-53695Oct 22, 2025
  affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1

  In the Linux kernel, the following vulnerability has been resolved: udf: Detect system inodes linked into directory hierarchy When UDF filesystem is corrupted, hidden system inodes can be linked into directory hierarchy which is an avenue for further serious corruption of the f