rpm package
suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP7
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7
Vulnerabilities (2,100)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38459 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc | ||
| CVE-2025-38458 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() atmarpd_dev_ops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD | ||
| CVE-2025-38456 | — | < 6.4.0-150700.7.19.1 | 6.4.0-150700.7.19.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() The "intf" list iterator is an invalid pointer if the correct "intf->intf_num" is not found. Calling atomic_dec(&intf->nr_users) on and in | ||
| CVE-2025-38455 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Reject migration of SEV{-ES} state if either the source or destination VM is actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vc | ||
| CVE-2025-38453 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354 | ||
| CVE-2025-38449 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer | ||
| CVE-2025-38448 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue(). | ||
| CVE-2025-38445 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix stack memory use after return in raid1_reshape In the raid1_reshape function, newpool is allocated on the stack and assigned to conf->r1bio_pool. This results in conf->r1bio_pool.wait.head pointin | ||
| CVE-2025-38444 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: raid10: cleanup memleak at raid10_make_request If raid10_read_request or raid10_write_request registers a new request and the REQ_NOWAIT flag is set, the code does not free the malloc from the mempool. unrefer | ||
| CVE-2025-38443 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_genl_connect() error path There is a use-after-free issue in nbd: block nbd6: Receive control failed (result -104) block nbd6: shutting down sockets ======================================== | ||
| CVE-2025-38441 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit | ||
| CVE-2025-38440 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it a | ||
| CVE-2025-38439 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set() with the proper length instead of 0. This bug triggers this warning on a system with IOM | ||
| CVE-2025-38436 | Med | 5.5 | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If a | |
| CVE-2025-38430 | Med | 5.5 | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check | |
| CVE-2025-38429 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the | ||
| CVE-2025-38428 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large i | ||
| CVE-2025-38427 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: video: screen_info: Relocate framebuffers behind PCI bridges Apply PCI host-bridge window offsets to screen_info framebuffers. Fixes invalid access to I/O memory. Resources behind a PCI host bridge can be relo | ||
| CVE-2025-38426 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields. | ||
| CVE-2025-38425 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 25, 2025 | In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes. |
- CVE-2025-38459Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix infinite recursive call of clip_push(). syzbot reported the splat below. [0] This happens if we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip() sets clip_push() to vc
- CVE-2025-38458Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vcc_sendmsg() atmarpd_dev_ops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD
- CVE-2025-38456Jul 25, 2025affected < 6.4.0-150700.7.19.1fixed 6.4.0-150700.7.19.1
In the Linux kernel, the following vulnerability has been resolved: ipmi:msghandler: Fix potential memory corruption in ipmi_create_user() The "intf" list iterator is an invalid pointer if the correct "intf->intf_num" is not found. Calling atomic_dec(&intf->nr_users) on and in
- CVE-2025-38455Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Reject SEV{-ES} intra host migration if vCPU creation is in-flight Reject migration of SEV{-ES} state if either the source or destination VM is actively creating a vCPU, i.e. if kvm_vm_ioctl_create_vc
- CVE-2025-38453Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/msg_ring: ensure io_kiocb freeing is deferred for RCU syzbot reports that defer/local task_work adding via msg_ring can hit a request that has been freed: CPU: 1 UID: 0 PID: 19356 Comm: iou-wrk-19354
- CVE-2025-38449Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: drm/gem: Acquire references on GEM handles for framebuffers A GEM handle can be released while the GEM buffer object is attached to a DRM framebuffer. This leads to the release of the dma-buf backing the buffer
- CVE-2025-38448Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Fix race condition in TTY wakeup A race condition occurs when gs_start_io() calls either gs_start_rx() or gs_start_tx(), as those functions briefly drop the port_lock for usb_ep_queue().
- CVE-2025-38445Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: md/raid1: Fix stack memory use after return in raid1_reshape In the raid1_reshape function, newpool is allocated on the stack and assigned to conf->r1bio_pool. This results in conf->r1bio_pool.wait.head pointin
- CVE-2025-38444Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: raid10: cleanup memleak at raid10_make_request If raid10_read_request or raid10_write_request registers a new request and the REQ_NOWAIT flag is set, the code does not free the malloc from the mempool. unrefer
- CVE-2025-38443Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_genl_connect() error path There is a use-after-free issue in nbd: block nbd6: Receive control failed (result -104) block nbd6: shutting down sockets ========================================
- CVE-2025-38441Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: account for Ethernet header in nf_flow_pppoe_proto() syzbot found a potential access to uninit-value in nf_flow_pppoe_proto() Blamed commit forgot the Ethernet header. BUG: KMSAN: uninit
- CVE-2025-38440Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix race between DIM disable and net_dim() There's a race between disabling DIM and NAPI callbacks using the dim pointer on the RQ or SQ. If NAPI checks the DIM state bit and sees it still set, it a
- CVE-2025-38439Jul 25, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Set DMA unmap len correctly for XDP_REDIRECT When transmitting an XDP_REDIRECT packet, call dma_unmap_len_set() with the proper length instead of 0. This bug triggers this warning on a system with IOM
- affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: signal scheduled fence when kill job When an entity from application B is killed, drm_sched_entity_kill() removes all jobs belonging to that entity through drm_sched_entity_kill_jobs_work(). If a
- affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: nfsd4_spo_must_allow() must check this is a v4 compound request If the request being processed is not a v4 compound request, then examining the cstate can have undefined results. This patch adds a check
- CVE-2025-38429Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: bus: mhi: ep: Update read pointer only after buffer is written Inside mhi_ep_ring_add_element, the read pointer (rd_offset) is updated before the buffer is written, potentially causing race conditions where the
- CVE-2025-38428Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: Input: ims-pcu - check record size in ims_pcu_flash_firmware() The "len" variable comes from the firmware and we generally do trust firmware, but it's always better to double check. If the "len" is too large i
- CVE-2025-38427Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: video: screen_info: Relocate framebuffers behind PCI bridges Apply PCI host-bridge window offsets to screen_info framebuffers. Fixes invalid access to I/O memory. Resources behind a PCI host bridge can be relo
- CVE-2025-38426Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Add basic validation for RAS header If RAS header read from EEPROM is corrupted, it could result in trying to allocate huge memory for reading the records. Add some validation to header fields.
- CVE-2025-38425Jul 25, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: check msg length in SMBUS block read For SMBUS block read, do not continue to read if the message length passed from the device is '0' or greater than the maximum allowed bytes.
Page 73 of 105