VYPR

rpm package

suse/kernel-syms-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP7

pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP7

Vulnerabilities (2,117)

  • CVE-2025-38665Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement t

  • CVE-2025-38664Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

  • CVE-2025-38663Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when read

  • CVE-2025-38660Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem

  • CVE-2025-38656Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing err

  • CVE-2025-38653Aug 22, 2025
    affected < 6.4.0-150700.20.18.1fixed 6.4.0-150700.20.18.1

    In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4

  • CVE-2025-38650Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplus_free

  • CVE-2025-38646Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the

  • CVE-2025-38645Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Check device memory pointer before usage Add a NULL check before accessing device memory to prevent a crash if dev->dm allocation in mlx5_init_once() fails.

  • CVE-2025-38644Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: reject TDLS operations when station is not associated syzbot triggered a WARN in ieee80211_tdls_oper() by sending NL80211_TDLS_ENABLE_LINK immediately after NL80211_CMD_CONNECT, before associati

  • CVE-2025-38643Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Add missing lock in cfg80211_check_and_end_cac() Callers of wdev_chandef() must hold the wiphy mutex. But the worker cfg80211_propagate_cac_done_wk() never takes the lock. Which triggers the wa

  • CVE-2025-38640Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Disable migration in nf_hook_run_bpf(). syzbot reported that the netfilter bpf prog can be called without migration disabled in xmit path. Then the assertion in __bpf_prog_run() fails, triggering the spla

  • CVE-2025-38639Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_nfacct: don't assume acct name is null-terminated BUG: KASAN: slab-out-of-bounds in .. lib/vsprintf.c:721 Read of size 1 at addr ffff88801eac95c8 by task syz-executor183/5851 [..] string+0x231/0x

  • CVE-2025-38635Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: clk: davinci: Add NULL check in davinci_lpsc_clk_register() devm_kasprintf() returns NULL when memory allocation fails. Currently, davinci_lpsc_clk_register() does not check for this case, which results in a NU

  • CVE-2025-38634Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: power: supply: cpcap-charger: Fix null check for power_supply_get_by_name In the cpcap_usb_detect() function, the power_supply_get_by_name() function may return `NULL` instead of an error pointer. To prevent po

  • CVE-2025-38632Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: pinmux: fix race causing mux_owner NULL with active mux_usecount commit 5a3e85c3c397 ("pinmux: Use sequential access to access desc->pinmux data") tried to address the issue when two client of the same gpio cal

  • CVE-2025-38630Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Check fb_add_videomode to prevent null-ptr-deref fb_add_videomode() can fail with -ENOMEM when its internal kmalloc() cannot allocate a struct fb_modelist. If that happens, the modelist stays emp

  • CVE-2025-38628Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: vdpa/mlx5: Fix release of uninitialized resources on error path The commit in the fixes tag made sure that mlx5_vdpa_free() is the single entrypoint for removing the vdpa device resources added in mlx5_vdpa_dev

  • CVE-2025-38624Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Clean up allocated IRQs on unplug When the root of a nested PCIe bridge configuration is unplugged, the pnv_php driver leaked the allocated IRQ resources for the child bridges' hotplug event notif

  • CVE-2025-38623Aug 22, 2025
    affected < 6.4.0-150700.20.15.1fixed 6.4.0-150700.20.15.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: pnv_php: Fix surprise plug detection and recovery The existing PowerNV hotplug code did not handle surprise plug events correctly, leading to a complete failure of the hotplug system after device removal a

Page 57 of 106