rpm package

suse/kernel-source-rt&distro=SUSE Real Time Module 15 SP7

pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7

Vulnerabilities (2,100)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-23414	Hig	7.5	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Apr 2, 2026	In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tls_decrypt_async_wait() returns, every AEAD operat
CVE-2026-23413	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Apr 2, 2026	In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance,
CVE-2026-23398	Med	5.5	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 26, 2026	In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_dereference(inet_protos[proto]) without checking for NULL. The inet_protos[] arra
CVE-2026-31788	Hig	8.2	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the
CVE-2026-23386	Med	5.5	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to
CVE-2026-23381	Med	5.5	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which in
CVE-2026-23379	Med	5.5	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, th
CVE-2026-23361	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write trans
CVE-2026-23319	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcount of 'shim_link->link.link' to zero, the resource is considered released but may
CVE-2026-23317	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that r
CVE-2026-23293		—	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which ini
CVE-2026-23281	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) for both command_timer and tx_lockup_timer before the structure is freed. This is i
CVE-2026-23292		—	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This
CVE-2026-23278	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 20, 2026	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part o
CVE-2026-23277		—	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 20, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the sl
CVE-2026-23274	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 20, 2026	In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revisio
CVE-2026-23272	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 20, 2026	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be
CVE-2026-23270	Hig	7.8	< 6.4.0-150700.7.37.2	6.4.0-150700.7.37.2	Mar 18, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b
CVE-2026-23269	Hig	7.1	< 6.4.0-150700.7.34.1	6.4.0-150700.7.34.1	Mar 18, 2026	In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will acce
CVE-2026-23268	Hig	7.8	< 6.4.0-150700.7.34.1	6.4.0-150700.7.34.1	Mar 18, 2026	In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by

CVE-2026-23414HigApr 2, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: tls: Purge async_hold in tls_decrypt_async_wait() The async_hold queue pins encrypted input skbs while the AEAD engine references their scatterlist data. Once tls_decrypt_async_wait() returns, every AEAD operat
CVE-2026-23413HigApr 2, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: clsact: Fix use-after-free in init/destroy rollback asymmetry Fix a use-after-free in the clsact qdisc upon init/destroy rollback asymmetry. The latter is achieved by first fully initializing a clsact instance,
CVE-2026-23398MedMar 26, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: icmp: fix NULL pointer dereference in icmp_tag_validation() icmp_tag_validation() unconditionally dereferences the result of rcu_dereference(inet_protos[proto]) without checking for NULL. The inet_protos[] arra
CVE-2026-31788HigMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: xen/privcmd: restrict usage in unprivileged domU The Xen privcmd driver allows to issue arbitrary hypercalls from user space processes. This is normally no problem, as access is usually limited to root and the
CVE-2026-23386MedMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: gve: fix incorrect buffer cleanup in gve_tx_clean_pending_packets for QPL In DQ-QPL mode, gve_tx_clean_pending_packets() incorrectly uses the RDA buffer cleanup path. It iterates num_bufs times and attempts to
CVE-2026-23381MedMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net: bridge: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which in
CVE-2026-23379MedMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: fix divide by zero in the offload path Offloading ETS requires computing each class' WRR weight: this is done by averaging over the sums of quanta as 'q_sum' and 'q_psum'. Using unsigned int, th
CVE-2026-23361HigMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: ep: Flush MSI-X write before unmapping its ATU entry Endpoint drivers use dw_pcie_ep_raise_msix_irq() to raise an MSI-X interrupt to the host using a writel(), which generates a PCI posted write trans
CVE-2026-23319HigMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a UAF issue in bpf_trampoline_link_cgroup_shim The root cause of this bug is that when 'bpf_link_put' reduces the refcount of 'shim_link->link.link' to zero, the resource is considered released but may
CVE-2026-23317HigMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Return the correct value in vmw_translate_ptr functions Before the referenced fixes these functions used a lookup function that returned a pointer. This was changed to another lookup function that r
CVE-2026-23293Mar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net: vxlan: fix nd_tbl NULL dereference when IPv6 is disabled When booting with the 'ipv6.disable=1' parameter, the nd_tbl is never initialized because inet6_init() exits before ndisc_init() is called which ini
CVE-2026-23281HigMar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix use-after-free in lbs_free_adapter() The lbs_free_adapter() function uses timer_delete() (non-synchronous) for both command_timer and tx_lockup_timer before the structure is freed. This is i
CVE-2026-23292Mar 25, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix recursive locking in __configfs_open_file() In flush_write_buffer, &p->frag_sem is acquired and then the loaded store function is called, which, here, is target_core_item_dbroot_store(). This
CVE-2026-23278HigMar 20, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: always walk all pending catchall elements During transaction processing we might have more than one catchall element: 1 live catchall element and 1 pending element that is coming as part o
CVE-2026-23277Mar 20, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: teql: fix NULL pointer dereference in iptunnel_xmit on TEQL slave xmit teql_master_xmit() calls netdev_start_xmit(skb, slave) to transmit through slave devices, but does not update skb->dev to the sl
CVE-2026-23274HigMar 20, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: reject rev0 reuse of ALARM timer labels IDLETIMER revision 0 rules reuse existing timers by label and always call mod_timer() on timer->timer. If the label was created first by revisio
CVE-2026-23272HigMar 20, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: unconditionally bump set->nelems before insertion In case that the set is full, a new element gets published then removed without waiting for the RCU grace period, while RCU reader can be
CVE-2026-23270HigMar 18, 2026
affected < 6.4.0-150700.7.37.2fixed 6.4.0-150700.7.37.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: Only allow act_ct to bind to clsact/ingress qdiscs and shared blocks As Paolo said earlier [1]: "Since the blamed commit below, classify can return TC_ACT_CONSUMED while the current skb being held b
CVE-2026-23269HigMar 18, 2026
affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start states are read from untrusted data and used as indexes into the DFA state tables. The aa_dfa_next() function call in unpack_pdb() will acce
CVE-2026-23268HigMar 18, 2026
affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy management An unprivileged local user can load, replace, and remove profiles by opening the apparmorfs interfaces, via a confused deputy attack, by

Page 1 of 105