rpm package
suse/kernel-syms&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
Vulnerabilities (2,843)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-38200 | Med | 5.5 | < 5.14.21-150400.24.173.1 | 5.14.21-150400.24.173.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde | |
| CVE-2025-38184 | Med | 5.5 | < 5.14.21-150400.24.179.1 | 5.14.21-150400.24.179.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started i | |
| CVE-2025-38181 | Med | 5.5 | < 5.14.21-150400.24.173.1 | 5.14.21-150400.24.173.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_ | |
| CVE-2025-38180 | Hig | 7.8 | < 5.14.21-150400.24.176.1 | 5.14.21-150400.24.176.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF. | |
| CVE-2025-38177 | Med | 5.5 | < 5.14.21-150400.24.173.1 | 5.14.21-150400.24.173.1 | Jul 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() ca | |
| CVE-2025-38159 | Hig | 7.1 | < 5.14.21-150400.24.194.1 | 5.14.21-150400.24.194.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads 5 bytes: | |
| CVE-2025-38129 | Hig | 7.8 | < 5.14.21-150400.24.194.1 | 5.14.21-150400.24.194.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of | |
| CVE-2025-38120 | Med | 5.5 | < 5.14.21-150400.24.173.1 | 5.14.21-150400.24.173.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early | |
| CVE-2025-38111 | Hig | 7.1 | < 5.14.21-150400.24.179.1 | 5.14.21-150400.24.179.1 | Jul 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of | |
| CVE-2025-38088 | Hig | 7.1 | < 5.14.21-150400.24.173.1 | 5.14.21-150400.24.173.1 | Jun 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the | |
| CVE-2025-38085 | Med | 4.7 | < 5.14.21-150400.24.179.1 | 5.14.21-150400.24.179.1 | Jun 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table us | |
| CVE-2025-38084 | Med | 5.5 | < 5.14.21-150400.24.179.1 | 5.14.21-150400.24.179.1 | Jun 28, 2025 | In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are take | |
| CVE-2025-38083 | Med | 4.7 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU | |
| CVE-2022-50232 | Med | 5.5 | < 5.14.21-150400.24.194.1 | 5.14.21-150400.24.194.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boo | |
| CVE-2022-50231 | Hig | 7.1 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Read of size 4 at addr | |
| CVE-2022-50229 | Hig | 7.8 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will free the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug. The fo | |
| CVE-2022-50228 | Med | 5.5 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS ( | |
| CVE-2022-50226 | Med | 5.5 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data t | |
| CVE-2022-50222 | Med | 5.5 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include | |
| CVE-2022-50220 | Hig | 7.8 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop(). |
- affected < 5.14.21-150400.24.173.1fixed 5.14.21-150400.24.173.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix MMIO write access to an invalid page in i40e_clear_hw When the device sends a specific input, an integer underflow can occur, leading to MMIO write access to an invalid page. Prevent the integer unde
- affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1
In the Linux kernel, the following vulnerability has been resolved: tipc: fix null-ptr-deref when acquiring remote ip of ethernet bearer The reproduction steps: 1. create a tun interface 2. enable l2 bearer 3. TIPC_NL_UDP_GET_REMOTEIP with media name set to tun tipc: Started i
- affected < 5.14.21-150400.24.173.1fixed 5.14.21-150400.24.173.1
In the Linux kernel, the following vulnerability has been resolved: calipso: Fix null-ptr-deref in calipso_req_{set,del}attr(). syzkaller reported a null-ptr-deref in sock_omalloc() while allocating a CALIPSO option. [0] The NULL is of struct sock, which was fetched by sk_to_
- affected < 5.14.21-150400.24.176.1fixed 5.14.21-150400.24.176.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix /proc/net/atm/lec handling /proc/net/atm/lec must ensure safety against dev_lec[] changes. It appears it had dev_put() calls without prior dev_hold(), leading to imbalance and UAF.
- affected < 5.14.21-150400.24.173.1fixed 5.14.21-150400.24.173.1
In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: make hfsc_qlen_notify() idempotent hfsc_qlen_notify() is not idempotent either and not friendly to its callers, like fq_codel_dequeue(). Let's make it idempotent to ease qdisc_tree_reduce_backlog() ca
- affected < 5.14.21-150400.24.194.1fixed 5.14.21-150400.24.194.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw88: fix the 'para' buffer size to avoid reading out of bounds Set the size to 6 instead of 2, since 'para' array is passed to 'rtw_fw_bt_wifi_control(rtwdev, para[0], ¶[1])', which reads 5 bytes:
- affected < 5.14.21-150400.24.194.1fixed 5.14.21-150400.24.194.1
In the Linux kernel, the following vulnerability has been resolved: page_pool: Fix use-after-free in page_pool_recycle_in_ring syzbot reported a uaf in page_pool_recycle_in_ring: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockdep.c:5862 Read of
- affected < 5.14.21-150400.24.173.1fixed 5.14.21-150400.24.173.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo_avx2: fix initial map fill If the first field doesn't cover the entire start map, then we must zero out the remainder, else we leak those bits into the next match round map. The early
- affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1
In the Linux kernel, the following vulnerability has been resolved: net/mdiobus: Fix potential out-of-bounds read/write access When using publicly available tools like 'mdio-tools' to read/write data from/to network interface and its PHY via mdiobus, there is no verification of
- affected < 5.14.21-150400.24.173.1fixed 5.14.21-150400.24.173.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv/memtrace: Fix out of bounds issue in memtrace mmap memtrace mmap issue has an out of bounds issue. This patch fixes the by checking that the requested mapping region size should stay within the
- affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: fix huge_pmd_unshare() vs GUP-fast race huge_pmd_unshare() drops a reference on a page table that may have previously been shared across processes, potentially turning it into a normal page table us
- affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1
In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, __split_vma() triggers hugetlb page table unsharing through vm_ops->may_split(). This happens before the VMA lock and rmap locks are take
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race in prio_tune() Gerrard Tai reported a race condition in PRIO, whenever SFQ perturb timer fires at the wrong time. The race is as follows: CPU 0 CPU
- affected < 5.14.21-150400.24.194.1fixed 5.14.21-150400.24.194.1
In the Linux kernel, the following vulnerability has been resolved: arm64: set UXN on swapper page tables [ This issue was fixed upstream by accident in c3cee924bd85 ("arm64: head: cover entire kernel image in initial ID map") as part of a large refactoring of the arm64 boo
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: crypto: arm64/poly1305 - fix a read out-of-bound A kasan error was reported during fuzzing: BUG: KASAN: slab-out-of-bounds in neon_poly1305_blocks.constprop.0+0x1b4/0x250 [poly1305_neon] Read of size 4 at addr
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: bcd2000: Fix a UAF bug on the error path of probing When the driver fails in snd_card_register() at probe time, it will free the 'bcd2k->midi_out_urb' before killing it, which may cause a UAF bug. The fo
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Don't BUG if userspace injects an interrupt with GIF=0 Don't BUG/WARN on interrupt injection due to GIF being cleared, since it's trivial for userspace to force the situation via KVM_SET_VCPU_EVENTS (
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ccp - Use kzalloc for sev ioctl interfaces to prevent kernel memory leak For some sev ioctl interfaces, input may be passed that is less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than the data t
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: tty: vt: initialize unicode screen buffer syzbot reports kernel infoleak at vcs_read() [1], for buffer can be read immediately after resize operation. Initialize buffer using kzalloc(). ---------- #include
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: usbnet: Fix linkwatch use-after-free on disconnect usbnet uses the work usbnet_deferred_kevent() to perform tasks which may sleep. On disconnect, completion of the work was originally awaited in ->ndo_stop().
Page 45 of 143