rpm package
suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP7
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7
Vulnerabilities (2,202)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-39866 | Hig | 7.8 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r | |
| CVE-2025-39865 | Med | 5.5 | < 6.4.0-150700.7.19.1 | 6.4.0-150700.7.19.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm = reg_pair_to_ptr(...);//shm maybe return NULL tee_shm_free(shm); --> te | |
| CVE-2025-39864 | Hig | 7.8 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the las | |
| CVE-2025-39860 | Hig | 7.8 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. In the splat, a single thread calling bt_accept_dequeue() freed sk and touched it after that. The | |
| CVE-2025-39857 | Med | 5.5 | < 6.4.0-150700.7.19.1 | 6.4.0-150700.7.19.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kwor | |
| CVE-2025-39853 | Hig | 7.1 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory acces | |
| CVE-2025-39849 | Hig | 7.8 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking. | |
| CVE-2025-39848 | Med | 5.5 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __ | |
| CVE-2025-39847 | Med | 5.5 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb); if (!skb) | |
| CVE-2025-39846 | Med | 5.5 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in p | |
| CVE-2025-39845 | Med | 5.5 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_popu | |
| CVE-2025-39844 | Med | 5.5 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent me | |
| CVE-2025-39842 | Med | 5.5 | < 6.4.0-150700.7.19.1 | 6.4.0-150700.7.19.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. There | |
| CVE-2025-39841 | Hig | 7.8 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t | |
| CVE-2025-39839 | Hig | 7.1 | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload head | |
| CVE-2025-39838 | Med | 5.5 | < 6.4.0-150700.7.19.1 | 6.4.0-150700.7.19.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_u | |
| CVE-2025-39863 | — | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work The brcmf_btcoex_detach() only shuts down the btcoex timer, if the flag timer_on is false. However, the brcmf_btcoex_timerfunc(), whic | ||
| CVE-2025-39861 | — | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhci_release(), before associa | ||
| CVE-2025-39859 | — | < 6.4.0-150700.7.25.1 | 6.4.0-150700.7.25.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timer_delete_sync() | ||
| CVE-2025-39854 | — | < 6.4.0-150700.7.22.1 | 6.4.0-150700.7.22.1 | Sep 19, 2025 | In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx->in_use in ice_ll_ts_intr Recent versions of the E810 firmware have support for an extra interrupt to handle report of the "low latency" Tx timestamps coming from the specialized low |
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty() An use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r
- affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1
In the Linux kernel, the following vulnerability has been resolved: tee: fix NULL pointer dereference in tee_shm_put tee_shm_put have NULL pointer dereference: __optee_disable_shm_cache --> shm = reg_pair_to_ptr(...);//shm maybe return NULL tee_shm_free(shm); --> te
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix use-after-free in cmp_bss() Following bss_free() quirk introduced in commit 776b3580178f ("cfg80211: track hidden SSID networks properly"), adjust cfg80211_update_known_bss() to free the las
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free in l2cap_sock_cleanup_listen() syzbot reported the splat below without a repro. In the splat, a single thread calling bt_accept_dequeue() freed sk and touched it after that. The
- affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix one NULL pointer dereference in smc_ib_is_sg_need_sync() BUG: kernel NULL pointer dereference, address: 00000000000002ec PGD 0 P4D 0 Oops: Oops: 0000 [#1] SMP PTI CPU: 28 UID: 0 PID: 343 Comm: kwor
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix potential invalid access when MAC list is empty list_first_entry() never returns NULL - if the list is empty, it still returns a pointer to an invalid object, leading to potential invalid memory acces
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: sme: cap SSID length in __cfg80211_connect_result() If the ssid->datalen is more than IEEE80211_MAX_SSID_LEN (32) it would lead to memory corruption so add some bounds checking.
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: ax25: properly unshare skbs in ax25_kiss_rcv() Bernard Pidoux reported a regression apparently caused by commit c353e8983e0d ("net: introduce per netns packet chains"). skb->dev becomes NULL and we crash in __
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: ppp: fix memory leak in pad_compress_skb If alloc_skb() fails in pad_compress_skb(), it returns NULL without releasing the old skb. The caller does: skb = pad_compress_skb(ppp, skb); if (!skb)
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: pcmcia: Fix a NULL pointer dereference in __iodyn_find_io_region() In __iodyn_find_io_region(), pcmcia_make_resource() is assigned to res and used in pci_bus_alloc_resource(). There is a dereference of res in p
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm/64: define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() Define ARCH_PAGE_TABLE_SYNC_MASK and arch_sync_kernel_mappings() to ensure page tables are properly synchronized when calling p*d_popu
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: mm: move page table sync declarations to linux/pgtable.h During our internal testing, we started observing intermittent boot failures when the machine uses 4-level paging and has a large amount of persistent me
- affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: prevent release journal inode after journal shutdown Before calling ocfs2_delete_osb(), ocfs2_journal_shutdown() has already been executed in ocfs2_dismount_volume(), so osb->journal must be NULL. There
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t
- affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: batman-adv: fix OOB read/write in network-coding decode batadv_nc_skb_decode_packet() trusts coded_len and checks only against skb->len. XOR starts at sizeof(struct batadv_unicast_packet), reducing payload head
- affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent NULL pointer dereference in UTF16 conversion There can be a NULL pointer dereference bug here. NULL is passed to __cifs_sfu_make_node without checks, which passes it unchecked to cifs_strndup_to_u
- CVE-2025-39863Sep 19, 2025affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: fix use-after-free when rescheduling brcmf_btcoex_info work The brcmf_btcoex_detach() only shuts down the btcoex timer, if the flag timer_on is false. However, the brcmf_btcoex_timerfunc(), whic
- CVE-2025-39861Sep 19, 2025affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: vhci: Prevent use-after-free by removing debugfs files early Move the creation of debugfs files into a dedicated function, and ensure they are explicitly removed during vhci_release(), before associa
- CVE-2025-39859Sep 19, 2025affected < 6.4.0-150700.7.25.1fixed 6.4.0-150700.7.25.1
In the Linux kernel, the following vulnerability has been resolved: ptp: ocp: fix use-after-free bugs causing by ptp_ocp_watchdog The ptp_ocp_detach() only shuts down the watchdog timer if it is pending. However, if the timer handler is already running, the timer_delete_sync()
- CVE-2025-39854Sep 19, 2025affected < 6.4.0-150700.7.22.1fixed 6.4.0-150700.7.22.1
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL access of tx->in_use in ice_ll_ts_intr Recent versions of the E810 firmware have support for an extra interrupt to handle report of the "low latency" Tx timestamps coming from the specialized low
Page 57 of 111