VYPR

rpm package

suse/kernel-syms-rt&distro=SUSE Real Time Module 15 SP7

pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Real%20Time%20Module%2015%20SP7

Vulnerabilities (2,100)

  • CVE-2025-71064Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: net: hns3: using the num_tqps in the vf driver to apply for resources Currently, hdev->htqp is allocated using hdev->num_tqps, and kinfo->tqp is allocated using kinfo->num_tqps. However, kinfo->num_tqps is set

  • CVE-2025-68820Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: xattr: fix null pointer deref in ext4_raw_inode() If ext4_get_inode_loc() fails (e.g. if it returns -EFSCORRUPTED), iloc.bh will remain set to NULL. Since ext4_xattr_inode_dec_ref_all() lacks error checki

  • CVE-2025-68819Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb: dtv5100: fix out-of-bounds in dtv5100_i2c_msg() rlen value is a user-controlled value, but dtv5100_i2c_msg() does not check the size of the rlen value. Therefore, if it is set to a value larger

  • CVE-2025-68816Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fw_tracer, Validate format string parameters Add validation for format string parameters in the firmware tracer to prevent potential security vulnerabilities and crashes from malformed format strings

  • CVE-2025-68815Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: ets: Remove drr class from the active list if it changes to strict Whenever a user issues an ets qdisc change command, transforming a drr class into a strict one, the ets code isn't checking whether

  • CVE-2025-68814Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: io_uring: fix filename leak in __io_openat_prep() __io_openat_prep() allocates a struct filename using getname(). However, for the condition of the file being installed in the fixed file table as well as havin

  • CVE-2025-68813Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: ipvs: fix ipv4 null-ptr-deref in route error path The IPv4 code path in __ip_vs_get_out_rt() calls dst_link_failure() without ensuring skb->dev is set, leading to a NULL pointer dereference in fib_compute_spec_

  • CVE-2025-68810Jan 13, 2026
    affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: Disallow toggling KVM_MEM_GUEST_MEMFD on an existing memslot Reject attempts to disable KVM_MEM_GUEST_MEMFD on a memslot that was initially created with a guest_memfd binding, as KVM doesn't support toggli

  • CVE-2025-68808Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: media: vidtv: initialize local pointers upon transfer of memory ownership vidtv_channel_si_init() creates a temporary list (program, service, event) and ownership of the memory itself is transferred to the PAT/

  • CVE-2025-68804Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_ishtp: Fix UAF after unbinding driver After unbinding the driver, another kthread `cros_ec_console_log_work` is still accessing the device, resulting an UAF and crash. The driver doesn

  • CVE-2025-68803Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: NFSv4 file creation neglects setting ACL An NFSv4 client that sets an ACL with a named principal during file creation retrieves the ACL afterwards, and finds that it is only a default ACL (based on the mo

  • CVE-2025-68802Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Limit num_syncs to prevent oversized allocations The exec and vm_bind ioctl allow userspace to specify an arbitrary num_syncs value. Without bounds checking, a very large num_syncs can force an excessiv

  • CVE-2025-68801Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_router: Fix neighbour use-after-free We sometimes observe use-after-free when dereferencing a neighbour [1]. The problem seems to be that the driver stores a pointer to the neighbour, but withou

  • CVE-2025-68800Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_mr: Fix use-after-free when updating multicast route stats Cited commit added a dedicated mutex (instead of RTNL) to protect the multicast route list, so that it will not change while the driver

  • CVE-2025-68798Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/amd: Check event before enable to avoid GPF On AMD machines cpuc->events[idx] can become NULL in a subtle race condition with NMI->throttle->x86_pmu_stop(). Check event for NULL in amd_pmu_enable_all(

  • CVE-2025-68797Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: char: applicom: fix NULL pointer dereference in ac_ioctl Discovered by Atuin - Automated Vulnerability Discovery Engine. In ac_ioctl, the validation of IndexCard and the check for a valid RamIO pointer are ski

  • CVE-2025-68795Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: ethtool: Avoid overflowing userspace buffer on stats query The ethtool -S command operates across three ioctl calls: ETHTOOL_GSSET_INFO for the size, ETHTOOL_GSTRINGS for the names, and ETHTOOL_GSTATS for the v

  • CVE-2025-68794Jan 13, 2026
    affected < 6.4.0-150700.7.37.1fixed 6.4.0-150700.7.37.1

    In the Linux kernel, the following vulnerability has been resolved: iomap: adjust read range correctly for non-block-aligned positions iomap_adjust_read_range() assumes that the position and length passed in are block-aligned. This is not always the case however, as shown in th

  • CVE-2025-68788Jan 13, 2026
    affected < 6.4.0-150700.7.31.1fixed 6.4.0-150700.7.31.1

    In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow t

  • CVE-2025-68785Jan 13, 2026
    affected < 6.4.0-150700.7.34.1fixed 6.4.0-150700.7.34.1

    In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix middle attribute validation in push_nsh() action The push_nsh() action structure looks like this: OVS_ACTION_ATTR_PUSH_NSH(OVS_KEY_ATTR_NSH(OVS_NSH_KEY_ATTR_BASE,...)) The outermost OVS

Page 12 of 105