rpm package

suse/kernel-syms&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Vulnerabilities (1,878)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-31540	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 24, 2026	In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the set_default_submission pointer is not set. This pointer is dereferenced during suspend
CVE-2026-31532	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 23, 2026	In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rc
CVE-2026-31516	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.work from racing with netns teardown A XFRM_MSG_NEWSPDINFO request can queue the per-net work item policy_hthresh.work onto the system workqueue. The queued callback, xfrm_hash_reb
CVE-2026-31515	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate() syzbot was able to trigger a crash in skb_put() [1] Issue is that pfkey_send_migrate() does not check old/new families, and that set_ipsecrequest() @family arg
CVE-2026-31500	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET and Intel exception-info retrieval) without holding hci_req_sync_lock()
CVE-2026-31498	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop l2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED state to support L2CAP reconfiguration (e.g. MTU changes). However, since b
CVE-2026-31469	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false A UAF issue occurs when the virtio_net driver is configured with napi_tx=N and the device's IFF_XMIT_DST_RELEASE flag is
CVE-2026-31464	Hig	8.1	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is s
CVE-2026-31452	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4_setattr() to convert files from inline data storage to extent-based storage when truncate() grows the file size beyond
CVE-2026-31447	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 22, 2026	In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with s_first_data_block != 0 bigalloc with s_first_data_block != 0 is not supported, reject mounting it.
CVE-2026-31421	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 13, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref whe
CVE-2026-31415	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 13, 2026	In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via `skb_un
CVE-2026-31405	Cri	9.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 6, 2026	In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices
CVE-2026-23448	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 3, 2026	In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset:
CVE-2026-23444	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Apr 3, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning
CVE-2026-23396	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Mar 26, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local() mesh_matches_local() unconditionally dereferences ie->mesh_config to compare mesh configuration parameters. When called from mesh_rx_csa_frame(), the parse
CVE-2026-23367	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size i
CVE-2026-23303	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log
CVE-2026-23279	Med	5.5	< 4.12.14-122.317.1	4.12.14-122.317.1	Mar 25, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh->chsw_ttl =
CVE-2026-23271	Hig	7.8	< 4.12.14-122.317.1	4.12.14-122.317.1	Mar 20, 2026	In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up runni

CVE-2026-31540MedApr 24, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Check set_default_submission() before deferencing When the i915 driver firmware binaries are not present, the set_default_submission pointer is not set. This pointer is dereferenced during suspend
CVE-2026-31532HigApr 23, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: can: raw: fix ro->uniq use-after-free in raw_rcv() raw_release() unregisters raw CAN receive filters via can_rx_unregister(), but receiver deletion is deferred with call_rcu(). This leaves a window where raw_rc
CVE-2026-31516HigApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: prevent policy_hthresh.work from racing with netns teardown A XFRM_MSG_NEWSPDINFO request can queue the per-net work item policy_hthresh.work onto the system workqueue. The queued callback, xfrm_hash_reb
CVE-2026-31515MedApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: af_key: validate families in pfkey_send_migrate() syzbot was able to trigger a crash in skb_put() [1] Issue is that pfkey_send_migrate() does not check old/new families, and that set_ipsecrequest() @family arg
CVE-2026-31500HigApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btintel: serialize btintel_hw_error() with hci_req_sync_lock btintel_hw_error() issues two __hci_cmd_sync() calls (HCI_OP_RESET and Intel exception-info retrieval) without holding hci_req_sync_lock()
CVE-2026-31498MedApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix ERTM re-init and zero pdu_len infinite loop l2cap_config_req() processes CONFIG_REQ for channels in BT_CONNECTED state to support L2CAP reconfiguration (e.g. MTU changes). However, since b
CVE-2026-31469HigApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Fix UAF on dst_ops when IFF_XMIT_DST_RELEASE is cleared and napi_tx is false A UAF issue occurs when the virtio_net driver is configured with napi_tx=N and the device's IFF_XMIT_DST_RELEASE flag is
CVE-2026-31464HigApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Fix OOB access in ibmvfc_discover_targets_done() A malicious or compromised VIO server can return a num_written value in the discover targets MAD response that exceeds max_targets. This value is s
CVE-2026-31452HigApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: ext4: convert inline data to extents when truncate exceeds inline size Add a check in ext4_setattr() to convert files from inline data storage to extent-based storage when truncate() grows the file size beyond
CVE-2026-31447HigApr 22, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: ext4: reject mount if bigalloc with s_first_data_block != 0 bigalloc with s_first_data_block != 0 is not supported, reject mounting it.
CVE-2026-31421MedApr 13, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_fw: fix NULL pointer dereference on shared blocks The old-method path in fw_classify() calls tcf_block_q() and dereferences q->handle. Shared blocks leave block->q NULL, causing a NULL deref whe
CVE-2026-31415MedApr 13, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid overflows in ip6_datagram_send_ctl() Yiming Qian reported : I believe I found a locally triggerable kernel bug in the IPv6 sendmsg ancillary-data path that can panic the kernel via `skb_un
CVE-2026-31405CriApr 6, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-net: fix OOB access in ULE extension header tables The ule_mandatory_ext_handlers[] and ule_optional_ext_handlers[] tables in handle_one_ule_extension() are declared with 255 elements (valid indices
CVE-2026-23448HigApr 3, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: cdc_ncm: add ndpoffset to NDP16 nframes bounds check cdc_ncm_rx_verify_ndp16() validates that the NDP header and its DPE entries fit within the skb. The first check correctly accounts for ndpoffset:
CVE-2026-23444HigApr 3, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: always free skb on ieee80211_tx_prepare_skb() failure ieee80211_tx_prepare_skb() has three error paths, but only two of them free the skb. The first error path (ieee80211_tx_prepare() returning
CVE-2026-23396MedMar 26, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL deref in mesh_matches_local() mesh_matches_local() unconditionally dereferences ie->mesh_config to compare mesh configuration parameters. When called from mesh_rx_csa_frame(), the parse
CVE-2026-23367MedMar 25, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: wifi: radiotap: reject radiotap with unknown bits The radiotap parser is currently only used with the radiotap namespace (not with vendor namespaces), but if the undefined field 18 is used, the alignment/size i
CVE-2026-23303MedMar 25, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Don't log plaintext credentials in cifs_set_cifscreds When debug logging is enabled, cifs_set_cifscreds() logs the key payload and exposes the plaintext username and password. Remove the debug log
CVE-2026-23279MedMar 25, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix NULL pointer dereference in mesh_rx_csa_frame() In mesh_rx_csa_frame(), elems->mesh_chansw_params_ie is dereferenced at lines 1638 and 1642 without a prior NULL check: ifmsh->chsw_ttl =
CVE-2026-23271HigMar 20, 2026
affected < 4.12.14-122.317.1fixed 4.12.14-122.317.1
In the Linux kernel, the following vulnerability has been resolved: perf: Fix __perf_event_overflow() vs perf_remove_from_context() race Make sure that __perf_event_overflow() runs with IRQs disabled for all possible callchains. Specifically the software events can end up runni

Page 4 of 94