rpm package

suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7

pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7

Vulnerabilities (2,117)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2026-23010	Hig	7.8	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->
CVE-2026-23001	Hig	7.8	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace
CVE-2026-22999	Hig	7.8	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.
CVE-2026-22997	Hig	7.5	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is enabled
CVE-2026-23011		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves
CVE-2026-23006		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140_priv".
CVE-2026-23005		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved
CVE-2026-23000		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail to rollback to old profile, in such case, we could end up with a dangling netdev
CVE-2026-22996		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails, mlx5e_priv in mlx5e_dev devlink private is used to reference the
CVE-2025-71163		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.
CVE-2025-71162		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 25, 2026	In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is fre
CVE-2026-22993	Med	5.5	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is up. If an ethtool command that accesses the rss lut is attempted immediately af
CVE-2026-22992	Hig	7.5	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results
CVE-2026-22991	Hig	7.5	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(), if
CVE-2026-22990	Hig	7.5	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. In
CVE-2026-22988	Hig	7.8	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initi
CVE-2026-22985	Med	5.5	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off
CVE-2026-22984	Cri	9.8	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
CVE-2026-22978		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user pointer; / Pointer to the data (in user space) */ __u16 l
CVE-2025-71149		—	< 6.4.0-150700.20.27.1	6.4.0-150700.20.27.1	Jan 23, 2026	Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

CVE-2026-23010HigJan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix use-after-free in inet6_addr_del(). syzbot reported use-after-free of inet6_ifaddr in inet6_addr_del(). [0] The cited commit accidentally moved ipv6_del_addr() for mngtmpaddr before reading its ifp->
CVE-2026-23001HigJan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: macvlan: fix possible UAF in macvlan_forward_source() Add RCU protection on (struct macvlan_source_entry)->vlan. Whenever macvlan_hash_del_source() is called, we must clear entry->vlan pointer before RCU grace
CVE-2026-22999HigJan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_qfq: do not free existing class in qfq_change_class() Fixes qfq_change_class() error case. cl->qdisc and cl should only be freed if a new class and qdisc were allocated, or we risk various UAF.
CVE-2026-22997HigJan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: net: can: j1939: j1939_xtp_rx_rts_session_active(): deactivate session upon receiving the second rts Since j1939_session_deactivate_activate_next() in j1939_tp_rxtimer() is called only when the timer is enabled
CVE-2026-23011Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_gre: make ipgre_header() robust Analog to commit db5b4e39c4e6 ("ip6_gre: make ip6gre_header() robust") Over the years, syzbot found many ways to crash the kernel in ipgre_header() [1]. This involves
CVE-2026-23006Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: tlv320adcx140: fix null pointer The "snd_soc_component" in "adcx140_priv" was only used once but never set. It was only used for reaching "dev" which is already present in "adcx140_priv".
CVE-2026-23005Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATE_BV[i] in guest XSAVE state whenever XFD[i]=1 When loading guest XSAVE state via KVM_SET_XSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved
CVE-2026-23000Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash on profile change rollback failure mlx5e_netdev_change_profile can fail to attach a new profile and can fail to rollback to old profile, in such case, we could end up with a dangling netdev
CVE-2026-22996Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't store mlx5e_priv in mlx5e_dev devlink priv mlx5e_priv is an unstable structure that can be memset(0) if profile attaching fails, mlx5e_priv in mlx5e_dev devlink private is used to reference the
CVE-2025-71163Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: fix device leaks on compat bind and unbind Make sure to drop the reference taken when looking up the idxd device as part of the compat bind and unbind sysfs interface.
CVE-2025-71162Jan 25, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: tegra-adma: Fix use-after-free A use-after-free bug exists in the Tegra ADMA driver when audio streams are terminated, particularly during XRUN conditions. The issue occurs when the DMA buffer is fre
CVE-2026-22993MedJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL ptr issue after soft reset During soft reset, the RSS LUT is freed and not restored unless the interface is up. If an ethtool command that accesses the rss lut is attempted immediately af
CVE-2026-22992HigJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: libceph: return the handler error from mon_handle_auth_done() Currently any error from ceph_auth_handle_reply_done() is propagated via finish_auth() but isn't returned from mon_handle_auth_done(). This results
CVE-2026-22991HigJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation free_choose_arg_map() may dereference a NULL pointer if its caller fails after a partial allocation. For example, in decode_choose_args(), if
CVE-2026-22990HigJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUG_ON in osdmap_apply_incremental() If the osdmap is (maliciously) corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. In
CVE-2026-22988HigJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: arp: do not assume dev_hard_header() does not change skb->head arp_create() is the only dev_hard_header() caller making assumption about skb->head being unchanged. A recent commit broke this assumption. Initi
CVE-2026-22985MedJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off
CVE-2026-22984CriJan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handle_auth_done() Perform an explicit bounds check on payload_len to avoid a possible out-of-bounds access in the callout. [ idryomov: changelog ]
CVE-2026-22978Jan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
In the Linux kernel, the following vulnerability has been resolved: wifi: avoid kernel-infoleak from struct iw_point struct iw_point has a 32bit hole on 64bit arches. struct iw_point { void __user *pointer; /* Pointer to the data (in user space) */ __u16 l
CVE-2025-71149Jan 23, 2026
affected < 6.4.0-150700.20.27.1fixed 6.4.0-150700.20.27.1
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.

Page 1 of 106