VYPR

rpm package

suse/kernel-syms&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/kernel-syms&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (1,794)

  • CVE-2025-38714HigSep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds in hfsplus_bnode_read() The hfsplus_bnode_read() method can trigger the issue: [ 174.852007][ T9784] ================================================================== [ 174.8

  • CVE-2025-38713HigSep 4, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() The hfsplus_readdir() method is capable to crash by calling hfsplus_uni2asc(): [ 667.121659][ T9805] =================================================

  • CVE-2025-38712MedSep 4, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't use BUG_ON() in hfsplus_create_attributes_file() When the volume header contains erroneous values that do not reflect the actual state of the filesystem, hfsplus_fill_super() assumes that the att

  • CVE-2025-38702HigSep 4, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: fix potential buffer overflow in do_register_framebuffer() The current implementation may lead to buffer overflow when: 1. Unregistration creates NULL gaps in registered_fb[] 2. All array slots become

  • CVE-2025-38701MedSep 4, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: do not BUG when INLINE_DATA_FL lacks system.data xattr A syzbot fuzzed image triggered a BUG_ON in ext4_update_inline_data() when an inode had the INLINE_DATA_FL flag set but was missing the system.data e

  • CVE-2025-38700MedSep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: libiscsi: Initialize iscsi_conn->dd_data only if memory is allocated In case of an ib_fast_reg_mr allocation failure during iSER setup, the machine hits a panic because iscsi_conn->dd_data is initialized

  • CVE-2025-38699HigSep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Double-free fix When the bfad_im_probe() function fails during initialization, the memory pointed to by bfad->im is freed without setting bfad->im to NULL. Subsequently, during driver uninstallation

  • CVE-2025-38695MedSep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check for hdwq null ptr when cleaning up lpfc_vport structure If a call to lpfc_sli4_read_rev() from lpfc_sli4_hba_setup() fails, the resultant cleanup routine lpfc_sli4_vport_delete_fcp_xri_aborted

  • CVE-2025-38691MedSep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: pNFS: Fix uninited ptr deref in block/scsi layout The error occurs on the third attempt to encode extents. When function ext_tree_prepare_commit() reallocates a larger buffer to retry encoding extents, the "lay

  • CVE-2025-38685HigSep 4, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: Fix vmalloc out-of-bounds write in fast_imageblit This issue triggers when a userspace program does an ioctl FBIOPUT_CON2FBMAP by passing console number and frame buffer number. Ideally this maps console

  • CVE-2025-38680HigSep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Fix 1-byte out-of-bounds read in uvc_parse_format() The buffer length check before calling uvc_parse_format() only ensured that the buffer has at least 3 bytes (buflen > 2), buf the function ac

  • CVE-2025-38718Sep 4, 2025
    affected < 4.12.14-122.280.1fixed 4.12.14-122.280.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti

  • CVE-2025-38705Sep 4, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer derefer

  • CVE-2024-58240HigAug 28, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and ret

  • CVE-2025-38665Aug 22, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement t

  • CVE-2025-38656Aug 22, 2025
    affected < 4.12.14-122.293.1fixed 4.12.14-122.293.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing err

  • CVE-2025-38644Aug 22, 2025
    affected < 4.12.14-122.272.1fixed 4.12.14-122.272.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati

  • CVE-2025-38639Aug 22, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x

  • CVE-2025-38632Aug 22, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing mux_owner NULL with active mux_usecount commit 5a3e85c3c397 ("pinmux: Use sequential access to access desc->pinmux data") tried to address the issue when two client of the same gpio cal

  • CVE-2025-38624Aug 22, 2025
    affected < 4.12.14-122.275.1fixed 4.12.14-122.275.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notif

Page 32 of 90