VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4

Vulnerabilities (2,843)

  • CVE-2023-52935 - Mar 27, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: fix ->anon_vma race If an ->anon_vma is attached to the VMA, collapse_and_free_pmd() requires it to be locked. Page table traversal is allowed under any one of the mmap lock, the anon_vma lock (

  • CVE-2023-52933 - Mar 27, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: Squashfs: fix handling and sanity checking of xattr_ids count A Sysbot [1] corrupted filesystem exposes two flaws in the handling and sanity checking of the xattr_ids count in the filesystem. Both of these fla

  • CVE-2023-52930 - Mar 27, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential bit_17 double-free A userspace with multiple threads racing I915_GEM_SET_TILING to set the tiling to I915_TILING_NONE could trigger a double free of the bit_17 bitmask. (Or conversely l

  • CVE-2021-4454 - Mar 27, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: can: j1939: fix errant WARN_ON_ONCE in j1939_session_deactivate The conclusion "j1939_session_deactivate() should be called with a session ref-count of at least 2" is incorrect. In some concurrent scenarios, j1

  • CVE-2025-21888 - Mar 27, 2025
    affected < 5.14.21-150400.24.167.1, fixed 5.14.21-150400.24.167.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix a WARN during dereg_mr for DM type Memory regions (MR) of type DM (device memory) do not have an associated umem. In the __mlx5_ib_dereg_mr() -> mlx5_free_priv_descs() flow, the code incorrectly

  • CVE-2025-21886 - Mar 27, 2025
    affected < 5.14.21-150400.24.164.1, fixed 5.14.21-150400.24.164.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix implicit ODP hang on parent deregistration Fix the destroy_unused_implicit_child_mr() to prevent hanging during parent deregistration as of below [1]. Upon entering destroy_unused_implicit_child

  • CVE-2025-21881 - Mar 27, 2025
    affected < 5.14.21-150400.24.173.1, fixed 5.14.21-150400.24.173.1

    In the Linux kernel, the following vulnerability has been resolved: uprobes: Reject the shared zeropage in uprobe_write_opcode() We triggered the following crash in syzkaller tests: BUG: Bad page state in process syz.7.38 pfn:1eff3 page: refcount:0 mapcount:0 mapping:0000

  • CVE-2023-52927 - High - Mar 14, 2025
    affected < 5.14.21-150400.24.173.1, fixed 5.14.21-150400.24.173.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: allow exp not to be removed in nf_ct_find_expectation Currently nf_conntrack_in() calling nf_ct_find_expectation() will remove the exp from the hash table. However, in some scenario, we expect the ex

  • CVE-2025-21839 - Mar 7, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Load DR6 with guest value only before entering .vcpu_run() loop Move the conditional loading of hardware DR6 with the guest's DR6 value out of the core .vcpu_run() loop to fix a bug where KVM can load

  • CVE-2024-58083 - Mar 6, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: Explicitly verify target vCPU is online in kvm_get_vcpu() Explicitly verify the target vCPU is fully online _prior_ to clamping the index in kvm_get_vcpu(). If the index is "bad", the nospec clamping will

  • CVE-2022-49733 - Mar 2, 2025
    affected < 5.14.21-150400.24.158.1, fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, the

  • CVE-2025-21812 - Feb 27, 2025
    affected < 5.14.21-150400.24.164.1, fixed 5.14.21-150400.24.164.1

    In the Linux kernel, the following vulnerability has been resolved: ax25: rcu protect dev->ax25_ptr syzbot found a lockdep issue [1]. We should remove ax25 RTNL dependency in ax25_setsockopt() This should also fix a variety of possible UAF in ax25. [1] WARNING: possible cir

  • CVE-2025-21772 - High - Feb 27, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeede

  • CVE-2025-21766 - Medium - Feb 27, 2025
    affected < 5.14.21-150400.24.194.1, fixed 5.14.21-150400.24.194.1

    In the Linux kernel, the following vulnerability has been resolved: ipv4: use RCU protection in __ip_rt_update_pmtu() __ip_rt_update_pmtu() must use RCU protection to make sure the net structure it reads does not disappear.

  • CVE-2025-21765 - Medium - Feb 27, 2025
    affected < 5.14.21-150400.24.194.1, fixed 5.14.21-150400.24.194.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: use RCU protection in ip6_default_advmss() ip6_default_advmss() needs rcu protection to make sure the net structure it reads does not disappear.

  • CVE-2025-21764 - High - Feb 27, 2025
    affected < 5.14.21-150400.24.194.1, fixed 5.14.21-150400.24.194.1

    In the Linux kernel, the following vulnerability has been resolved: ndisc: use RCU protection in ndisc_alloc_skb() ndisc_alloc_skb() can be called without RTNL or RCU being held. Add RCU protection to avoid possible UAF.

  • CVE-2025-21760 - High - Feb 27, 2025
    affected < 5.14.21-150400.24.194.1, fixed 5.14.21-150400.24.194.1

    In the Linux kernel, the following vulnerability has been resolved: ndisc: extend RCU protection in ndisc_send_skb() ndisc_send_skb() can be called without RTNL or RCU held. Acquire rcu_read_lock() earlier, so that we can use dev_net_rcu() and avoid a potential UAF.

  • CVE-2025-21756 - High - Feb 27, 2025
    affected < 5.14.21-150400.24.170.1, fixed 5.14.21-150400.24.170.1

    In the Linux kernel, the following vulnerability has been resolved: vsock: Keep the binding until socket destruction Preserve sockets bindings; this includes both resulting from an explicit bind() and those implicitly bound through autobind during connect(). Prevents socket un

  • CVE-2025-21753 - High - Feb 27, 2025
    affected < 5.14.21-150400.24.161.1, fixed 5.14.21-150400.24.161.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when attempting to join an aborted transaction When we are trying to join the current transaction and if it's aborted, we read its 'aborted' field after unlocking fs_info->trans_lock a

  • CVE-2024-58014 - High - Feb 27, 2025
    affected < 5.14.21-150400.24.158.1, fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: brcmsmac: add gain range check to wlc_phy_iqcal_gainparams_nphy() In 'wlc_phy_iqcal_gainparams_nphy()', add gain range check to WARN() instead of possible out-of-bounds 'tbl_iqcal_gainparams_nphy' access.
