VYPR

rpm package

opensuse/kernel-default-base&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/kernel-default-base&distro=openSUSE%20Leap%2015.5

Vulnerabilities (1,895)

  • CVE-2023-52489Feb 29, 2024
    affected < 5.14.21-150500.55.80.2.150500.6.35.6fixed 5.14.21-150500.55.80.2.150500.6.35.6

    In the Linux kernel, the following vulnerability has been resolved: mm/sparsemem: fix race in accessing memory_section->usage The below race is observed on a PFN which falls into the device memory region with the system memory configuration where PFN's are such that [ZONE_NORMA

  • CVE-2023-52488Feb 29, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: convert from _raw_ to _noinc_ regmap functions for FIFO The SC16IS7XX IC supports a burst mode to access the FIFOs where the initial register address is sent ($00), followed by all the FIFO d

  • CVE-2023-52486Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: drm: Don't unref the same fb many times by mistake due to deadlock handling If we get a deadlock after the fb lookup in drm_mode_page_flip_ioctl() we proceed to unref the fb and then retry the whole thing from

  • CVE-2024-26607Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066]

  • CVE-2023-52484Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------

  • CVE-2023-52482Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.

  • CVE-2023-52481Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add Cortex-A520 speculative unprivileged load workaround Implement the workaround for ARM Cortex-A520 erratum 2966298. On an affected Cortex-A520 core, a speculatively executed unprivileged load

  • CVE-2023-52478Feb 29, 2024
    affected < 5.14.21-150500.55.52.1.150500.6.23.1fixed 5.14.21-150500.55.52.1.150500.6.23.1

    In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs fro

  • CVE-2023-52477Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and init

  • CVE-2023-52476Feb 29, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur

  • CVE-2023-52475Feb 29, 2024
    affected < 5.14.21-150500.55.52.1.150500.6.23.1fixed 5.14.21-150500.55.52.1.150500.6.23.1

    In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free f

  • CVE-2023-51779HigFeb 29, 2024
    affected < 5.14.21-150500.55.44.1.150500.6.19.2fixed 5.14.21-150500.55.44.1.150500.6.19.2

    bt_sock_recvmsg in net/bluetooth/af_bluetooth.c in the Linux kernel through 6.6.8 has a use-after-free because of a bt_sock_ioctl race condition.

  • CVE-2021-47047Feb 28, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynqmp-gqspi: return -ENOMEM if dma_map_single fails The spi controller supports 44-bit address space on AXI in DMA mode, so set dma_addr_t width to 44-bit to avoid using a swiotlb mapping. In addition

  • CVE-2021-46936Feb 27, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: net: fix use-after-free in tw_timer_handler A real world panic issue was found as follow in Linux 5.4. BUG: unable to handle page fault for address: ffffde49a863de28 PGD 7e6fe62067 P4D 7e6fe62067 PUD 7

  • CVE-2021-46934Feb 27, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data i

  • CVE-2021-46933Feb 27, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou

  • CVE-2021-46932Feb 27, 2024
    affected < 5.14.21-150500.55.52.1.150500.6.23.1fixed 5.14.21-150500.55.52.1.150500.6.23.1

    In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may hap

  • CVE-2021-46931Feb 27, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5e_tx_reporter_dump_sq() casts its void * argument to struct mlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually o

  • CVE-2021-46930Feb 27, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4 Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34

  • CVE-2021-46929Feb 27, 2024
    affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

    In the Linux kernel, the following vulnerability has been resolved: sctp: use call_rcu to free endpoint This patch is to delay the endpoint free by calling call_rcu() to fix another use-after-free issue in sctp_sock_dump(): BUG: KASAN: use-after-free in __lock_acquire+0x36d9

Page 82 of 95