VYPR

rpm package

suse/kgraft-patch-SLE12-SP5_Update_74&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_74&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (140)

  • CVE-2022-50470 | Oct 4, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: xhci: Remove device endpoints from bandwidth list when freeing the device. Endpoints are normally deleted from the bandwidth list when they are dropped, before the virt device is freed. If xHC host is dying or

  • CVE-2025-39931 | Medium | Oct 4, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Set merge to zero early in af_alg_sendmsg. If an error causes af_alg_sendmsg to abort, ctx->merge may contain a garbage value from the previous loop. This may then trigger a crash on the next e

  • CVE-2025-39929 | Medium | Oct 4, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix smbdirect_recv_io leak in smbd_negotiate() error path. During tests of another unrelated patch I was able to trigger this error: Objects remaining on __kmem_cache_shutdown()

  • CVE-2025-39949 | Oct 4, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: qed: Don't collect too many protection override GRC elements. In the protection override dump path, the firmware can return far too many GRC elements, resulting in attempting to write past the end of the previou

  • CVE-2025-39945 | Oct 4, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: cnic: Fix use-after-free bugs in cnic_delete_task. The original code uses cancel_delayed_work() in cnic_cm_stop_bnx2x_hw(), which does not guarantee that the delayed work item 'delete_task' has fully completed i

  • CVE-2023-53519 | Medium | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: add lock to protect parameter num_rdy. Getting below error when using KCSAN to check the driver. Adding lock to protect parameter num_rdy when getting the value with function: v4l2_m2m_num_s

  • CVE-2023-53517 | Medium | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: tipc: do not update mtu if msg_max is too small in mtu negotiation. When doing link mtu negotiation, a malicious peer may send Activate msg with a very small mtu, e.g. 4 in Shuang's testing, without checking for

  • CVE-2022-50459 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: iscsi_tcp: Fix null-ptr-deref while calling getpeername(). Fix a NULL pointer crash that occurs when we are freeing the socket at the same time we access it via sysfs. The problem is that: 1. isc

  • CVE-2021-4460 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix UBSAN shift-out-of-bounds warning. If get_num_sdma_queues or get_num_xgmi_sdma_queues is 0, we end up doing a shift operation where the number of bits shifted equals number of bits in the operand

  • CVE-2023-53484 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: lib: cpu_rmap: Avoid use after free on rmap->obj array entries. When calling irq_set_affinity_notifier() with NULL at the notify argument, it will cause freeing of the glue pointer in the corresponding array ent

  • CVE-2023-53477 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: Add lwtunnel encap size of all siblings in nexthop calculation. In function rt6_nlmsg_size(), the length of nexthop is calculated by multiplying the nexthop length of fib6_info and the number of siblings. H

  • CVE-2023-53476 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry(). This condition needs to match the previous "if (epcp->state == LISTEN) {" exactly to avoid a NULL dereference of either "listen_ep" or "ep

  • CVE-2022-50443 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron. pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. We fix it by

  • CVE-2022-50423 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: ACPICA: Fix use-after-free in acpi_ut_copy_ipackage_to_ipackage(). There is a use-after-free reported by KASAN: BUG: KASAN: use-after-free in acpi_ut_remove_reference+0x3b/0x82 Read of size 1 at addr ffff8

  • CVE-2025-39923 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: qcom: bam_dma: Fix DT error handling for num-channels/ees. When we don't have a clock specified in the device tree, we have no way to ensure the BAM is on. This is often the case for remotely-controll

  • CVE-2025-39911 | Oct 1, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: i40e: fix IRQ freeing in i40e_vsi_request_irq_msix error path. If request_irq() in i40e_vsi_request_irq_msix() fails in an iteration later than the first, the error path wants to free the IRQs requested so far.

  • CVE-2025-39876 | Sep 23, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: net: fec: Fix possible NPD in fec_enet_phy_reset_after_clk_enable(). The function of_phy_find_device may return NULL, so we need to take care before dereferencing phy_dev.

  • CVE-2025-39866 | High | Sep 19, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: fs: writeback: fix use-after-free in __mark_inode_dirty(). A use-after-free issue occurred when __mark_inode_dirty() get the bdi_writeback that was in the progress of switching. CPU: 1 PID: 562 Comm: systemd-r

  • CVE-2025-39841 | High | Sep 19, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix buffer free/clear order in deferred receive path. Fix a use-after-free window by correcting the buffer release sequence in the deferred receive path. The code freed the RQ buffer first and only t

  • CVE-2023-53433 | Sep 18, 2025
    affected < 1-8.5.1 | fixed 1-8.5.1

    In the Linux kernel, the following vulnerability has been resolved: net: add vlan_get_protocol_and_depth() helper. Before blamed commit, pskb_may_pull() was used instead of skb_header_pointer() in __vlan_get_protocol() and friends. Few callers depended on skb->head being popula

Page 5 of 7