suse/kernel-zfcpdump&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

Vulnerabilities (2,262)

• CVE-2025-39702HigSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this.

• CVE-2025-39701HigSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: ACPI: pfr_update: Fix the driver update version check The security-version-number check should be used rather than the runtime version check for driver updates. Otherwise, the firmware update would fail when t

• CVE-2025-39697MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a race when updating an existing write After nfs_lock_and_join_requests() tests for whether the request is still attached to the mapping, nothing prevents a call to nfs_inode_remove_request() from succ

• CVE-2025-39694MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: s390/sclp: Fix SCCB present check Tracing code called by the SCLP interrupt handler contains early exits if the SCCB address associated with an interrupt is NULL. This check is performed after physical to virtu

• CVE-2025-39693MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid a NULL pointer dereference [WHY] Although unlikely drm_atomic_get_new_connector_state() or drm_atomic_get_old_connector_state() can return NULL. [HOW] Check returns before dereference.

• CVE-2025-39691HigSep 5, 2025
  affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

  In the Linux kernel, the following vulnerability has been resolved: fs/buffer: fix use-after-free when call bh_read() helper There's issue as follows: BUG: KASAN: stack-out-of-bounds in end_buffer_read_sync+0xe3/0x110 Read of size 8 at addr ffffc9000168f7f8 by task swapper/3/0

• CVE-2025-39689HigSep 5, 2025
  affected < 6.4.0-150700.53.31.1fixed 6.4.0-150700.53.31.1

  In the Linux kernel, the following vulnerability has been resolved: ftrace: Also allocate and copy hash for reading of filter files Currently the reader of set_ftrace_filter and set_ftrace_notrace just adds the pointer to the global tracer hash to its iterator. Unlike the write

• CVE-2025-39686HigSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: Make insn_rw_emulate_bits() do insn->n samples The `insn_rw_emulate_bits()` function is used as a default handler for `INSN_READ` instructions for subdevices that have a handler for `INSN_BITS` but not

• CVE-2025-39685HigSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number(0x80008000) that was too large, which triggered the oob. Added an interrupt number check to prevent users from passing in an ir

• CVE-2025-39684MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: comedi: Fix use of uninitialized memory in do_insn_ioctl() and do_insnlist_ioctl() syzbot reports a KMSAN kernel-infoleak in `do_insn_ioctl()`. A kernel buffer is allocated to hold `insn->n` samples (each of w

• CVE-2025-39683HigSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: tracing: Limit access to parser->buffer when trace_get_user failed When the length of the string written to set_ftrace_filter exceeds FTRACE_BUFF_MAX, the following KASAN alarm will be triggered: BUG: KASAN: s

• CVE-2025-39682HigSep 5, 2025
  affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

  In the Linux kernel, the following vulnerability has been resolved: tls: fix handling of zero-length records on the rx_list Each recvmsg() call must process either - only contiguous DATA records (any number of them) - one non-DATA record If the next record has different type

• CVE-2025-39681MedSep 5, 2025
  affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

  In the Linux kernel, the following vulnerability has been resolved: x86/cpu/hygon: Add missing resctrl_cpu_detect() in bsp_init helper Since 923f3a2b48bd ("x86/resctrl: Query LLC monitoring properties once during boot") resctrl_cpu_detect() has been moved from common CPU in

• CVE-2025-39676MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Prevent a potential error pointer dereference The qla4xxx_get_ep_fwdb() function is supposed to return NULL on error, but qla4xxx_ep_connect() returns error pointers. Propagating the error point

• CVE-2025-39675MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null pointer check in mod_hdcp_hdcp1_create_session() The function mod_hdcp_hdcp1_create_session() calls the function get_first_active_display(), but does not check its return value. The re

• CVE-2025-39673MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: ppp: fix race conditions in ppp_fill_forward_path ppp_fill_forward_path() has two race conditions: 1. The ppp->channels list can change between list_empty() and list_first_entry(), as ppp_lock() is not held

• CVE-2025-38736HigSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: net: usb: asix_devices: Fix PHY address mask in MDIO bus initialization Syzbot reported shift-out-of-bounds exception on MDIO bus initialization. The PHY address should be masked to 5 bits (0-31). Without this

• CVE-2025-38735MedSep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: gve: prevent ethtool ops after shutdown A crash can occur if an ethtool operation is invoked after shutdown() is called. shutdown() is invoked during system shutdown to stop DMA operations without performing e

• CVE-2025-38732MedSep 5, 2025
  affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject: don't leak dst refcount for loopback packets recent patches to add a WARN() when replacing skb dst entry found an old bug: WARNING: include/linux/skbuff.h:1165 skb_dst_check_unset include

• CVE-2025-39726Sep 5, 2025
  affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

  In the Linux kernel, the following vulnerability has been resolved: s390/ism: fix concurrency management in ism_cmd() The s390x ISM device data sheet clearly states that only one request-response sequence is allowable per ISM function at any point in time. Unfortunately as of