rpm package
suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP6
pkg:rpm/suse/kernel-source-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP6
Vulnerabilities (3,769)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-40013 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL ch | ||
| CVE-2025-40011 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the driver_data obtained from the same dev is dereferenced in oaktrail_hdmi_i2c_exit, a | ||
| CVE-2025-40010 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensu | ||
| CVE-2025-40005 | Med | 5.5 | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device re | |
| CVE-2025-40001 | — | < 6.4.0-150600.8.58.1 | 6.4.0-150600.8.58.1 | Oct 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work() in mvs_free() to cancel the delayed work item mwq->wor | ||
| CVE-2025-40000 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in | ||
| CVE-2025-39997 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, becau | ||
| CVE-2025-39996 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does not guarantee that the delayed work item irq_chec | ||
| CVE-2025-39995 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_ | ||
| CVE-2025-39994 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sleep has fully completed i | ||
| CVE-2025-39993 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0 | ||
| CVE-2025-39991 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err | ||
| CVE-2025-39988 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check whic | ||
| CVE-2025-39987 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which is | ||
| CVE-2025-39986 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which | ||
| CVE-2025-39985 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which | ||
| CVE-2025-39982 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al | ||
| CVE-2025-39981 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr | ||
| CVE-2025-39980 | — | < 6.4.0-150600.8.58.1 | 6.4.0-150600.8.58.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: # ip nexthop add id 1 via 192.0.2.1 fdb # ip nexthop add id 2 group | ||
| CVE-2025-39978 | — | < 6.4.0-150600.8.55.1 | 6.4.0-150600.8.55.1 | Oct 15, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a |
- CVE-2025-40013Oct 20, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: audioreach: fix potential null pointer dereference It is possible that the topology parsing function audioreach_widget_load_module_common() could return NULL or an error pointer. Add missing NULL ch
- CVE-2025-40011Oct 20, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix null dereference in hdmi teardown pci_set_drvdata sets the value of pdev->driver_data to NULL, after which the driver_data obtained from the same dev is dereferenced in oaktrail_hdmi_i2c_exit, a
- CVE-2025-40010Oct 20, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: afs: Fix potential null pointer dereference in afs_put_server afs_put_server() accessed server->debug_id before the NULL check, which could lead to a null pointer dereference. Move the debug_id assignment, ensu
- affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: spi: cadence-quadspi: Implement refcount to handle unbind during busy driver support indirect read and indirect write operation with assumption no force device removal(unbind) operation. However force device re
- CVE-2025-40001Oct 18, 2025affected < 6.4.0-150600.8.58.1fixed 6.4.0-150600.8.58.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mvsas: Fix use-after-free bugs in mvs_work_queue During the detaching of Marvell's SAS/SATA controller, the original code calls cancel_delayed_work() in mvs_free() to cancel the delayed work item mwq->wor
- CVE-2025-40000Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix use-after-free in rtw89_core_tx_kick_off_and_wait() There is a bug observed when rtw89_core_tx_kick_off_and_wait() tries to access already freed skb_data: BUG: KFENCE: use-after-free write in
- CVE-2025-39997Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: fix race condition to UAF in snd_usbmidi_free The previous commit 0718a78f6a9f ("ALSA: usb-audio: Kill timer properly at removal") patched a UAF issue caused by the error timer. However, becau
- CVE-2025-39996Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: media: b2c2: Fix use-after-free causing by irq_check_work in flexcop_pci_remove The original code uses cancel_delayed_work() in flexcop_pci_remove(), which does not guarantee that the delayed work item irq_chec
- CVE-2025-39995Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: media: i2c: tc358743: Fix use-after-free bugs caused by orphan timer in probe The state->timer is a cyclic timer that schedules work_i2c_poll and delayed_work_enable_hotplug, while rearming itself. Using timer_
- CVE-2025-39994Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: media: tuner: xc5000: Fix use-after-free in xc5000_release The original code uses cancel_delayed_work() in xc5000_release(), which does not guarantee that the delayed work item timer_sleep has fully completed i
- CVE-2025-39993Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: media: rc: fix races with imon_disconnect() Syzbot reports a KASAN issue as below: BUG: KASAN: use-after-free in __create_pipe include/linux/usb.h:1945 [inline] BUG: KASAN: use-after-free in send_packet+0xa2d/0
- CVE-2025-39991Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix NULL dereference in ath11k_qmi_m3_load() If ab->fw.m3_data points to data, then fw pointer remains null. Further, if m3_mem is not allocated, then fw is dereferenced to be passed to ath11k_err
- CVE-2025-39988Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check whic
- CVE-2025-39987Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: can: hi311x: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which is
- CVE-2025-39986Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: can: sun4i_can: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which
- CVE-2025-39985Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: populate ndo_change_mtu() to prevent buffer overflow Sending an PF_PACKET allows to bypass the CAN framework logic and to directly reach the xmit() function of a CAN driver. The only check which
- CVE-2025-39982Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync This fixes the following UFA in hci_acl_create_conn_sync where a connection still pending is command submission (conn->state == BT_OPEN) maybe freed, al
- CVE-2025-39981Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible UAFs This attemps to fix possible UAFs caused by struct mgmt_pending being freed while still being processed like in the following trace, in order to fix mgmt_pending_valid is intr
- CVE-2025-39980Oct 15, 2025affected < 6.4.0-150600.8.58.1fixed 6.4.0-150600.8.58.1
In the Linux kernel, the following vulnerability has been resolved: nexthop: Forbid FDB status change while nexthop is in a group The kernel forbids the creation of non-FDB nexthop groups with FDB nexthops: # ip nexthop add id 1 via 192.0.2.1 fdb # ip nexthop add id 2 group
- CVE-2025-39978Oct 15, 2025affected < 6.4.0-150600.8.55.1fixed 6.4.0-150600.8.55.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a
Page 6 of 189