kgraft-patch-SLE12-SP5_Update_78 (SUSE:Linux Enterprise Live Patching 12 SP5) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Live Patching 12 SP5 package kgraft-patch-SLE12-SP5_Update_78, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (68)
CVE-2026-23112 — CVSS 9.8 (critical): In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: add bounds checks in nvmet_tcp_build_pdu_iovec…
CVE-2026-23004 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: dst: fix races in rt6_uncached_list_del() and rt_del_uncached_list()…
CVE-2026-23198 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: KVM: Don't clobber irqfd routing type when deassigning irqfd When…
CVE-2023-6040 — CVSS 7.8 (high): An out-of-bounds access vulnerability involving netfilter was reported and fixed as: f1082dd31fe4 (netfilter: nf_tables: Reject tables of…
CVE-2025-22083 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: vhost-scsi: Fix handling of multiple calls to vhost_scsi_set_endpoint…
CVE-2026-23268 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: apparmor: fix unprivileged local user can do privileged policy…
CVE-2026-23191 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: ALSA: aloop: Fix racy access at PCM trigger The PCM trigger callback of…
CVE-2026-23105 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net/sched: qfq: Use cl_is_active to determine whether class is active…
CVE-2026-23089 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix use-after-free in snd_usb_mixer_free() When…
CVE-2026-23083 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: fou: Don't allow 0 for FOU_ATTR_IPPROTO. fou_udp_recv() has the same…
CVE-2026-23074 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: net/sched: Enforce that teql can only be used as root qdisc Design…
CVE-2026-23209 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: macvlan: fix error recovery in macvlan_common_newlink() valis provided…
CVE-2025-71075 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: scsi: aic94xx: fix use-after-free in device removal path The…
CVE-2026-23208 — CVSS 7.8 (high): In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Prevent excessive number of frames In this case, the…
CVE-2026-22991 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: libceph: make free_choose_arg_map() resilient to partial allocation…
CVE-2026-23095 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: gue: Fix skb memleak with inner IP protocol 0. syzbot reported skb…
CVE-2026-22998 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec…
CVE-2026-23003 — CVSS 7.5 (high): In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: use skb_vlan_inet_prepare() in __ip6_tnl_rcv() Blamed…
CVE-2026-25702 — CVSS 7.3 (high): A Improper Access Control vulnerability in the kernel of SUSE SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules…
CVE-2026-23204 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: net/sched: cls_u32: use skb_header_pointer_careful()…
CVE-2026-23269 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: apparmor: validate DFA start states are in bounds in unpack_pdb Start…
CVE-2025-71116 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: libceph: make decode_pool() more resilient against corrupted osdmaps If…
CVE-2026-23099 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: bonding: limit BOND_MODE_8023AD to Ethernet devices BOND_MODE_8023AD…
CVE-2025-39817 — CVSS 7.1 (high): In the Linux kernel, the following vulnerability has been resolved: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare Observed on…
CVE-2026-23141 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: btrfs: send: check for inline extents in range_is_hole_in_parent()…
CVE-2025-21738 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated…
CVE-2025-22125 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: md/raid1,raid10: don't ignore IO flags If blk-wbt is enabled by…
CVE-2025-39748 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: bpf: Forget ranges when refining tnum after JSET Syzbot reported a…
CVE-2025-68223 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: drm/radeon: delete radeon_fence_process in is_signaled, no deadlock…
CVE-2025-71104 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Fix VM hard lockup after prolonged inactivity with periodic…
CVE-2025-71113 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - zero initialize memory allocated via sock_kmalloc…
CVE-2025-71131 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: crypto: seqiv - Do not use req->iv after crypto_aead_encrypt As soon as…
CVE-2025-71183 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: btrfs: always detect conflicting inodes when logging inode refs After…
CVE-2025-71184 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: btrfs: fix NULL dereference on root when tracing inode eviction When…
CVE-2025-71236 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Validate sp before freeing associated memory System…
CVE-2026-23060 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: crypto: authencesn - reject too-short AAD (assoclen<8) to match ESP/ESN…
CVE-2026-23064 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ife: avoid possible NULL deref tcf_ife_encode() must…
CVE-2026-23069 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: fix potential underflow in virtio_transport_get_credit()…
CVE-2026-23084 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: be2net: Fix NULL pointer dereference in be_cmd_get_mac_from_list When…
CVE-2026-23085 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3-its: Avoid truncating memory addresses On 32-bit…
CVE-2026-23086 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: cap TX credit to local buffer size The virtio transports…
CVE-2026-23125 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: sctp: move SCTP_CMD_ASSOC_SHKEY right after SCTP_CMD_PEER_INIT A…
CVE-2022-50453 — CVSS 5.5 (medium): In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places…
CVE-2025-39964 — CVSS 3.3 (low): In the Linux kernel, the following vulnerability has been resolved: crypto: af_alg - Disallow concurrent writes in af_alg_sendmsg Issuing…
CVE-2026-23054: In the Linux kernel, the following vulnerability has been resolved: net: hv_netvsc: reject RSS hash key programming without RX indirection…
CVE-2023-54184: In the Linux kernel, the following vulnerability has been resolved: scsi: target: iscsit: Free cmds before session free Commands from…
CVE-2023-53827: In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free in l2cap_disconnect_{req,rsp}…
CVE-2025-40342: In the Linux kernel, the following vulnerability has been resolved: nvme-fc: use lock accessing port_state and rport state…
CVE-2025-40242: In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix unlikely race in gdlm_put_lock In gdlm_put_lock(), there is a…
CVE-2023-53817: In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - avoid null pointer deref in mpi_cmp_ui() During…
CVE-2023-53816: In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: fix potential kgd_mem UAFs kgd_mem pointers returned by…
CVE-2023-53808: In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: fix memory leak in mwifiex_histogram_read() Always free…
CVE-2025-40220: In the Linux kernel, the following vulnerability has been resolved: fuse: fix livelock in synchronous file put from fuseblk workers I…
CVE-2025-68818: In the Linux kernel, the following vulnerability has been resolved: scsi: Revert "scsi: qla2xxx: Perform lockless command completion in…
CVE-2025-68724: In the Linux kernel, the following vulnerability has been resolved: crypto: asymmetric_keys - prevent overflow in asymmetric_key_generate_id…
CVE-2025-40219: In the Linux kernel, the following vulnerability has been resolved: PCI/IOV: Fix race between SR-IOV enable/disable and hotplug Commit…
CVE-2025-40103: In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix refcount leak for cifs_sb_tlink Fix three refcount…
CVE-2025-68295: In the Linux kernel, the following vulnerability has been resolved: smb: client: fix memory leak in cifs_construct_tcon() When having a…
CVE-2025-40099: In the Linux kernel, the following vulnerability has been resolved: cifs: parse_dfs_referrals: prevent oob on malformed input Malicious SMB…
CVE-2025-39998: In the Linux kernel, the following vulnerability has been resolved: scsi: target: target_core_configfs: Add length check to avoid buffer…
CVE-2023-53802: In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: htc_hst: free skb in ath9k_htc_rx_msg() if there is no…
CVE-2025-71194: In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock in wait_current_trans() due to ignored transaction…
CVE-2025-71224: In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: ocb: skip rx_no_sta when interface is not joined…
CVE-2023-53794: In the Linux kernel, the following vulnerability has been resolved: cifs: fix session state check in reconnect to avoid use-after-free…
CVE-2025-68287: In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: Fix race condition between concurrent dwc3_remove_requests()…
CVE-2025-68285: In the Linux kernel, the following vulnerability has been resolved: libceph: fix potential use-after-free in have_mon_and_osd_map() The…
CVE-2025-68234: In the Linux kernel, the following vulnerability has been resolved: io_uring/cmd_net: fix wrong argument types for skb_queue_splice() If…
CVE-2025-68283: In the Linux kernel, the following vulnerability has been resolved: libceph: replace BUG_ON with bounds check for map->max_osd OSD indexes…