suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7

Vulnerabilities (2,117)

• CVE-2025-38409Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path put_unused_fd() doesn't free the installed file, if we've already done fd_install(). So we need to also free the sync_file. Patchwork: https://patchwork.free

• CVE-2025-38408Jul 25, 2025
  affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2

  In the Linux kernel, the following vulnerability has been resolved: genirq/irq_sim: Initialize work context pointers properly Initialize `ops` member's pointers properly by using kzalloc() instead of kmalloc() when allocating the simulation work context. Otherwise the pointers

• CVE-2025-38400MedJul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: nfs: Clean up /proc/net/rpc/nfs when nfs_fs_proc_net_init() fails. syzbot reported a warning below [1] following a fault injection in nfs_fs_proc_net_init(). [0] When nfs_fs_proc_net_init() fails, /proc/net/rp

• CVE-2025-38393MedJul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: NFSv4/pNFS: Fix a race to wake on NFS_LAYOUT_DRAIN We found a few different systems hung up in writeback waiting on the same page lock, and one task waiting on the NFS_LAYOUT_DRAIN bit in pnfs_update_layout(),

• CVE-2025-38364MedJul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: maple_tree: fix MA_STATE_PREALLOC flag in mas_preallocate() Temporarily clear the preallocation flag when explicitly requesting allocations. Pre-existing allocations are already counted against the request thr

• CVE-2025-38406Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: ath6kl: remove WARN on bad firmware input If the firmware gives bad input, that's nothing to do with the driver's stack at this point etc., so the WARN_ON() doesn't add any value. Additionally, this is on

• CVE-2025-38404Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: usb: typec: displayport: Fix potential deadlock The deadlock can occur due to a recursive lock acquisition of `cros_typec_altmode_data::mutex`. The call chain is as follows: 1. cros_typec_altmode_work() acquire

• CVE-2025-38403Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: vsock/vmci: Clear the vmci transport packet properly when initializing it In vmci_transport_packet_init memset the vmci_transport_packet before populating the fields to avoid any uninitialised data being left i

• CVE-2025-38402Jul 25, 2025
  affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2

  In the Linux kernel, the following vulnerability has been resolved: idpf: return 0 size for RSS key if not supported Returning -EOPNOTSUPP from function returning u32 is leading to cast and invalid size value as a result. -EOPNOTSUPP as a size probably will lead to allocation

• CVE-2025-38401Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: mtk-sd: Prevent memory corruption from DMA map failure If msdc_prepare_data() fails to map the DMA region, the request is not prepared for data receiving, but msdc_start_data() proceeds the DMA with previous se

• CVE-2025-38399Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix NULL pointer dereference in core_scsi3_decode_spec_i_port() The function core_scsi3_decode_spec_i_port(), in its error code path, unconditionally calls core_scsi3_lunacl_undepend_item() passin

• CVE-2025-38396Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: fs: export anon_inode_make_secure_inode() and fix secretmem LSM bypass Export anon_inode_make_secure_inode() to allow KVM guest_memfd to create anonymous inodes with proper security context. This replaces the c

• CVE-2025-38395Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: regulator: gpio: Fix the out-of-bounds access to drvdata::gpiods drvdata::gpiods is supposed to hold an array of 'gpio_desc' pointers. But the memory is allocated for only one pointer. This will lead to out-of-

• CVE-2025-38392Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: idpf: convert control queue mutex to a spinlock With VIRTCHNL2_CAP_MACFILTER enabled, the following warning is generated on module load: [ 324.701677] BUG: sleeping function called from invalid context at ker

• CVE-2025-38391Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value

• CVE-2025-38389Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Fix timeline left held on VMA alloc error The following error has been reported sporadically by CI when a test unbinds the i915 driver on a ring submission platform: <4> [239.330153] ------------[

• CVE-2025-38387Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Initialize obj_event->obj_sub_list before xa_insert The obj_event may be loaded immediately after inserted, then if the list_head is not initialized then we may get a poisonous pointer. This fixes t

• CVE-2025-38386Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in [1], a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused

• CVE-2025-38385Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: fix WARN in __netif_napi_del_locked on disconnect Remove redundant netif_napi_del() call from disconnect path. A WARN may be triggered in __netif_napi_del_locked() during USB device disconne

• CVE-2025-38384Jul 25, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: mtd: spinand: fix memory leak of ECC engine conf Memory allocated for the ECC engine conf is not released during spinand cleanup. Below kmemleak trace is seen for this memory leak: unreferenced object 0xffffff