rpm package
suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP7
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7
Vulnerabilities (2,100)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38112 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from | ||
| CVE-2025-38110 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, t | ||
| CVE-2025-38109 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not prop | ||
| CVE-2025-38108 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: red: fix a race in __red_change() Gerrard Tai reported a race condition in RED, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU | ||
| CVE-2025-38107 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: fix a race in ets_qdisc_change() Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 | ||
| CVE-2025-38106 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU: | ||
| CVE-2025-38105 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active stat | ||
| CVE-2025-38103 | — | < 6.4.0-150700.7.16.1 | 6.4.0-150700.7.16.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note | ||
| CVE-2025-38102 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING: | ||
| CVE-2025-38099 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up. | ||
| CVE-2025-38098 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink Don't try to operate on a drm_wb_connector as an amdgpu_dm_connector. While dereferencing aconnector->base will "work" it | ||
| CVE-2025-38097 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state -> | ||
| CVE-2025-38095 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference ca | ||
| CVE-2025-38094 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts | ||
| CVE-2025-38091 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jul 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false positive warning which occurs due to lack of correct checks when querying plane_id in DML21. This fixes the warning when pe | ||
| CVE-2025-38090 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jun 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much | ||
| CVE-2025-38089 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jun 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC rep | ||
| CVE-2025-38088 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jun 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the | ||
| CVE-2025-38087 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jun 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding | ||
| CVE-2025-38085 | — | < 6.4.0-150700.7.13.1 | 6.4.0-150700.7.13.1 | Jun 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table us |
- CVE-2025-38112Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable() sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from
- CVE-2025-38110Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds clause 45 read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via C45 (clause 45) mdiobus, t
- CVE-2025-38109Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix ECVF vports unload on shutdown flow Fix shutdown flow UAF when a virtual function is created on the embedded chip (ECVF) of a BlueField device. In such case the vport acl ingress table is not prop
- CVE-2025-38108Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: red: fix a race in __red_change() Gerrard Tai reported a race condition in RED, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU
- CVE-2025-38107Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: ets: fix a race in ets_qdisc_change() Gerrard Tai reported a race condition in ETS, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0
- CVE-2025-38106Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix use-after-free of sq->thread in __io_uring_show_fdinfo() syzbot reports: BUG: KASAN: slab-use-after-free in getrusage+0x1109/0x1a60 Read of size 8 at addr ffff88810de2d2c8 by task a.out/304 CPU:
- CVE-2025-38105Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Kill timer properly at removal The USB-audio MIDI code initializes the timer, but in a rare case, the driver might be freed without the disconnect call. This leaves the timer in an active stat
- CVE-2025-38103Jul 3, 2025affected < 6.4.0-150700.7.16.1fixed 6.4.0-150700.7.16.1
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: Eliminate recurrent out-of-bounds bug in usbhid_parse() Update struct hid_descriptor to better reflect the mandatory and optional parts of the HID Descriptor as per USB HID 1.11 specification. Note
- CVE-2025-38102Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: VMCI: fix race between vmci_host_setup_notify and vmci_ctx_unset_notify During our test, it is found that a warning can be trigger in try_grab_folio as follow: ------------[ cut here ]------------ WARNING:
- CVE-2025-38099Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Disable SCO support if READ_VOICE_SETTING is unsupported/broken A SCO connection without the proper voice_setting can cause the controller to lock up.
- CVE-2025-38098Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Don't treat wb connector as physical in create_validate_stream_for_sink Don't try to operate on a drm_wb_connector as an amdgpu_dm_connector. While dereferencing aconnector->base will "work" it
- CVE-2025-38097Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: espintcp: remove encap socket caching to avoid reference leak The current scheme for caching the encap socket can lead to reference leaks when we try to delete the netns. The reference chain is: xfrm_state ->
- CVE-2025-38095Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf: insert memory barrier before updating num_fences smp_store_mb() inserts memory barrier after storing operation. It is different with what the comment is originally aiming so Null pointer dereference ca
- CVE-2025-38094Jul 3, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net: cadence: macb: Fix a possible deadlock in macb_halt_tx. There is a situation where after THALT is set high, TGO stays high as well. Because jiffies are never updated, as we are in a context with interrupts
- CVE-2025-38091Jul 2, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: check stream id dml21 wrapper to get plane_id [Why & How] Fix a false positive warning which occurs due to lack of correct checks when querying plane_id in DML21. This fixes the warning when pe
- CVE-2025-38090Jun 30, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: drivers/rapidio/rio_cm.c: prevent possible heap overwrite In riocm_cdev_ioctl(RIO_CM_CHAN_SEND) -> cm_chan_msg_send() -> riocm_ch_send() cm_chan_msg_send() checks that userspace didn't send too much
- CVE-2025-38089Jun 30, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error tianshuo han reported a remotely-triggerable crash if the client sends a kernel RPC server a specially crafted packet. If decoding the RPC rep
- CVE-2025-38088Jun 30, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the
- CVE-2025-38087Jun 30, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: fix use-after-free in taprio_dev_notifier Since taprio’s taprio_dev_notifier() isn’t protected by an RCU read-side critical section, a race with advance_sched() can lead to a use-after-free. Adding
- CVE-2025-38085Jun 28, 2025affected < 6.4.0-150700.7.13.1fixed 6.4.0-150700.7.13.1
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table us
Page 84 of 105