suse/kernel-source-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7

Vulnerabilities (2,117)

• CVE-2025-38186Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double invocation of bnxt_ulp_stop()/bnxt_ulp_start() Before the commit under the Fixes tag below, bnxt_ulp_stop() and bnxt_ulp_start() were always invoked in pairs. After that commit, the new bnx

• CVE-2025-38185Jul 4, 2025
  affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2

  In the Linux kernel, the following vulnerability has been resolved: atm: atmtcp: Free invalid length skb in atmtcp_c_send(). syzbot reported the splat below. [0] vcc_sendmsg() copies data passed from userspace to skb and passes it to vcc->dev->ops->send(). atmtcp_c_send() acc

• CVE-2025-38184Jul 4, 2025
  affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2

  In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started i

• CVE-2025-38183Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: lan743x: fix potential out-of-bounds write in lan743x_ptp_io_event_clock_get() Before calling lan743x_ptp_io_event_clock_get(), the 'channel' value is checked against the maximum value of PCI11X1X_PTP_IO_M

• CVE-2025-38182Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: ublk: santizize the arguments from userspace when adding a device Sanity check the values for queue depth and number of queues we get from userspace when adding a device.

• CVE-2025-38181Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_

• CVE-2025-38180Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.

• CVE-2025-38177Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() ca

• CVE-2025-38174Jul 4, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Do not double dequeue a configuration request Some of our devices crash in tb_cfg_request_dequeue(): general protection fault, probably for non-canonical address 0xdead000000000122 CPU: 6 PID:

• CVE-2025-38124MedJul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: net: fix udp gso skb_segment after pull from frag_list Commit a1e40ac5b5e9 ("net: gso: fix udp gso fraglist segmentation after pull from frag_list") detected invalid geometry in frag_list skbs and redirects the

• CVE-2025-38111HigJul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of

• CVE-2025-38100MedJul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: x86/iopl: Cure TIF_IO_BITMAP inconsistencies io_bitmap_exit() is invoked from exit_thread() when a task exists or when a fork fails. In the latter case the exit_thread() cleans up resources which were allocated

• CVE-2025-38173Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: marvell/cesa - Handle zero-length skcipher requests Do not access random memory for zero-length skcipher requests. Just return 0.

• CVE-2025-38166Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: fix ktls panic with sockmap [ 2172.936997] ------------[ cut here ]------------ [ 2172.936999] kernel BUG at lib/iov_iter.c:629! ...... [ 2172.944996] PKRU: 55555554 [ 2172.945155] Call Trace: [ 2172.94529

• CVE-2025-38165Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Fix panic when calling skb_linearize The panic can be reproduced by executing the command: ./bench sockmap -c 2 -p 1 -a --rx-verdict-ingress --rx-strp 100000 Then a kernel panic was captured: '''

• CVE-2025-38162Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len[] maximum value is U8_MAX

• CVE-2025-38161Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix error flow upon firmware failure for RQ destruction Upon RQ destruction if the firmware command fails which is the last resource to be destroyed some SW resources were already cleaned regardless

• CVE-2025-38160Jul 3, 2025
  affected < 6.4.0-150700.20.15.2fixed 6.4.0-150700.20.15.2

  In the Linux kernel, the following vulnerability has been resolved: clk: bcm: rpi: Add NULL check in raspberrypi_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, raspberrypi_clk_register() does not check for this case, which results in a NUL

• CVE-2025-38159Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], &para[1])', which reads 5 bytes:

• CVE-2025-38158Jul 3, 2025
  affected < 6.4.0-150700.20.11.1fixed 6.4.0-150700.20.11.1

  In the Linux kernel, the following vulnerability has been resolved: hisi_acc_vfio_pci: fix XQE dma address error The dma addresses of EQE and AEQE are wrong after migration and results in guest kernel-mode encryption services failure. Comparing the definition of hardware regis