VYPR

rpm package

suse/kernel-zfcpdump&distro=SUSE Linux Enterprise Module for Basesystem 15 SP7

pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7

Vulnerabilities (2,262)

  • CVE-2025-38718Sep 4, 2025
    affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

    In the Linux kernel, the following vulnerability has been resolved: sctp: linearize cloned gso packets in sctp_rcv A cloned head skb still shares these frag skbs in fraglist with the original head skb. It's not safe to access these frag skbs. syzbot reported two use-of-uniniti

  • CVE-2025-38709Sep 4, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: loop: Avoid updating block size under exclusive owner Syzbot came up with a reproducer where a loop device block size is changed underneath a mounted filesystem. This causes a mismatch between the block device

  • CVE-2025-38705Sep 4, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters (' ', '\n', '\0') to the under gpu_od/fan_ctrl sysfs or pp_power_profile_mode for the CUSTOM profile will result in a null pointer derefer

  • CVE-2025-38703Sep 4, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Make dma-fences compliant with the safe access rules Xe can free some of the data pointed to by the dma-fences it exports. Most notably the timeline name can get freed if userspace closes the associated

  • CVE-2025-38692Sep 4, 2025
    affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

    In the Linux kernel, the following vulnerability has been resolved: exfat: add cluster chain loop check for dir An infinite loop may occur if the following conditions occur due to file system corruption. (1) Condition for exfat_count_dir_entries() to loop infinitely. - The

  • CVE-2025-38678Sep 3, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: reject duplicate device on updates A chain/flowtable update with duplicated devices in the same batch is possible. Unfortunately, netdev event path only removes the first device that is fo

  • CVE-2024-58240HigAug 28, 2025
    affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

    In the Linux kernel, the following vulnerability has been resolved: tls: separate no-async decryption request handling from async If we're not doing async, the handling is much simpler. There's no reference counting, we just need to wait for the completion to wake us up and ret

  • CVE-2025-38676HigAug 26, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Avoid stack buffer overflow from kernel cmdline While the kernel command line is considered trusted in most environments, avoid writing 1 byte past the end of "acpiid" if the "str" argument is maximu

  • CVE-2025-38670HigAug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: arm64/entry: Mask DAIF in cpu_switch_to(), call_on_irq_stack() `cpu_switch_to()` and `call_on_irq_stack()` manipulate SP to change to different stacks along with the Shadow Call Stack if it is enabled. Those tw

  • CVE-2025-38671Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: i2c: qup: jump out of the loop in case of timeout Original logic only sets the return value but doesn't jump out of the loop if the bus is kept active by a client. This is not expected. A malicious or buggy i2c

  • CVE-2025-38668Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: regulator: core: fix NULL dereference on unbind due to stale coupling data Failing to reset coupling_desc.n_coupled after freeing coupled_rdevs can lead to NULL pointer dereference when regulators are accessed

  • CVE-2025-38665Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: can: netlink: can_changelink(): fix NULL pointer deref of struct can_priv::do_set_mode Andrei Lalaev reported a NULL pointer deref when a CAN device is restarted from Bus Off and the driver does not implement t

  • CVE-2025-38664Aug 22, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: ice: Fix a null pointer dereference in ice_copy_and_init_pkg() Add check for the return value of devm_kmemdup() to prevent potential null pointer dereference.

  • CVE-2025-38663Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: reject invalid file types when reading inodes To prevent inodes with invalid file types from tripping through the vfs and causing malfunctions or assertion failures, add a missing sanity check when read

  • CVE-2025-38660Aug 22, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: [ceph] parse_longname(): strrchr() expects NUL-terminated string ... and parse_longname() is not guaranteed that. That's the reason why it uses kmemdup_nul() to build the argument for kstrtou64(); the problem

  • CVE-2025-38659Aug 22, 2025
    affected < 6.4.0-150700.53.19.1fixed 6.4.0-150700.53.19.1

    In the Linux kernel, the following vulnerability has been resolved: gfs2: No more self recovery When a node withdraws and it turns out that it is the only node that has the filesystem mounted, gfs2 currently tries to replay the local journal to bring the filesystem back into a

  • CVE-2025-38656Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Fix error code in iwl_op_mode_dvm_start() Preserve the error code if iwl_setup_deferred_work() fails. The current code returns ERR_PTR(0) (which is NULL) on this path. I believe the missing err

  • CVE-2025-38653Aug 22, 2025
    affected < 6.4.0-150700.53.22.1fixed 6.4.0-150700.53.22.1

    In the Linux kernel, the following vulnerability has been resolved: proc: use the same treatment to check proc_lseek as ones for proc_read_iter et.al Check pde->proc_ops->proc_lseek directly may cause UAF in rmmod scenario. It's a gap in proc_reg_open() after commit 654b33ada4

  • CVE-2025-38650Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: remove mutex_lock check in hfsplus_free_extents Syzbot reported an issue in hfsplus filesystem: ------------[ cut here ]------------ WARNING: CPU: 0 PID: 4400 at fs/hfsplus/extents.c:346 hfsplus_free

  • CVE-2025-38646Aug 22, 2025
    affected < 6.4.0-150700.53.16.1fixed 6.4.0-150700.53.16.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid NULL dereference when RX problematic packet on unsupported 6 GHz band With a quite rare chance, RX report might be problematic to make SW think a packet is received on 6 GHz band even if the

Page 64 of 114