rpm package
opensuse/kernel-default&distro=openSUSE Leap Micro 5.3
pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.3
Vulnerabilities (683)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47443 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() 'params' is allocated in digital_tg_listen_mdaa(), but not free when digital_send_cmd() failed, which will cause memory leak. Fix it by freeing | ||
| CVE-2021-47442 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_in_send_sdd_req() 'skb' is allocated in digital_in_send_sdd_req(), but not free when digital_in_send_cmd() failed, which will cause memory leak. Fix it by freei | ||
| CVE-2021-47441 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type m | ||
| CVE-2021-47440 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing regi | ||
| CVE-2021-47439 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work When the ksz module is installed and removed using rmmod, kernel crashes with null pointer dereferrence error. During rmmod, ksz_switch_ | ||
| CVE-2021-47438 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path Prior to this patch in case mlx5_core_destroy_cq() failed it returns without completing all destroy operations and that leads to memory leak. Inst | ||
| CVE-2021-47437 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: adis16475: fix deadlock on frequency set With commit 39c024b51b560 ("iio: adis16475: improve sync scale mode handling"), two deadlocks were introduced: 1) The call to 'adis_write_reg_16()' was not changed | ||
| CVE-2021-47436 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after initializing musb") has inverted the calls to dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev() | ||
| CVE-2021-47435 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dm_io_dec_pending() calls end_io_acct() first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result i | ||
| CVE-2021-47434 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort a | ||
| CVE-2021-47433 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the | ||
| CVE-2023-52878 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a | ||
| CVE-2023-52877 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as | ||
| CVE-2023-52876 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52875 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52873 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52872 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data que | ||
| CVE-2023-52871 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if | ||
| CVE-2023-52870 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52868 | — | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. |
- CVE-2021-47443May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_tg_listen_mdaa() 'params' is allocated in digital_tg_listen_mdaa(), but not free when digital_send_cmd() failed, which will cause memory leak. Fix it by freeing
- CVE-2021-47442May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: NFC: digital: fix possible memory leak in digital_in_send_sdd_req() 'skb' is allocated in digital_in_send_sdd_req(), but not free when digital_in_send_cmd() failed, which will cause memory leak. Fix it by freei
- CVE-2021-47441May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: mlxsw: thermal: Fix out-of-bounds memory accesses Currently, mlxsw allows cooling states to be set above the maximum cooling state supported by the driver: # cat /sys/class/thermal/thermal_zone2/cdev0/type m
- CVE-2021-47440May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: net: encx24j600: check error in devm_regmap_init_encx24j600 devm_regmap_init may return error which caused by like out of memory, this will results in null pointer dereference later when reading or writing regi
- CVE-2021-47439May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: net: dsa: microchip: Added the condition for scheduling ksz_mib_read_work When the ksz module is installed and removed using rmmod, kernel crashes with null pointer dereferrence error. During rmmod, ksz_switch_
- CVE-2021-47438May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix memory leak in mlx5_core_destroy_cq() error path Prior to this patch in case mlx5_core_destroy_cq() failed it returns without completing all destroy operations and that leads to memory leak. Inst
- CVE-2021-47437May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: iio: adis16475: fix deadlock on frequency set With commit 39c024b51b560 ("iio: adis16475: improve sync scale mode handling"), two deadlocks were introduced: 1) The call to 'adis_write_reg_16()' was not changed
- CVE-2021-47436May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: usb: musb: dsps: Fix the probe error path Commit 7c75bde329d7 ("usb: musb: musb_dsps: request_irq() after initializing musb") has inverted the calls to dsps_setup_optional_vbus_irq() and dsps_create_musb_pdev()
- CVE-2021-47435May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: dm: fix mempool NULL pointer race when completing IO dm_io_dec_pending() calls end_io_acct() first and will then dec md in-flight pending count. But if a task is swapping DM table at same time this can result i
- CVE-2021-47434May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix command ring pointer corruption while aborting a command The command ring pointer is located at [6:63] bits of the command ring control register (CRCR). All the control bits like command stop, abort a
- CVE-2021-47433May 22, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix abort logic in btrfs_replace_file_extents Error injection testing uncovered a case where we'd end up with a corrupt file system with a missing extent in the middle of a file. This occurs because the
- CVE-2023-52878May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_put_echo_skb(): don't crash kernel if can_priv::echo_skb is accessed out of bounds If the "struct can_priv::echoo_skb" is accessed out of bounds, this would cause a kernel crash. Instead, issue a
- CVE-2023-52877May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: Fix NULL pointer dereference in tcpm_pd_svdm() It is possible that typec_register_partner() returns ERR_PTR on failure. When port->partner is an error, a NULL pointer dereference may occur as
- CVE-2023-52876May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629-eth: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52875May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52873May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52872May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data que
- CVE-2023-52871May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if
- CVE-2023-52870May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52868May 21, 2024affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow.
Page 6 of 35