rpm package

opensuse/kernel-obs-build&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5

Vulnerabilities (1,895)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-2201	Med	4.7	< 5.14.21-150500.55.59.1	5.14.21-150500.55.59.1	Dec 19, 2024	A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
CVE-2023-4134		—	< 5.14.21-150500.55.28.1	5.14.21-150500.55.28.1	Nov 14, 2024	A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of ser
CVE-2024-44947		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Sep 2, 2024	In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_
CVE-2024-44939		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000
CVE-2024-44938		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop direc
CVE-2024-43893	Med	5.5	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor
CVE-2024-43889	Med	5.5	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPT
CVE-2024-43909		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table.
CVE-2024-43908		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it
CVE-2024-43907		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference
CVE-2024-43905		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference.
CVE-2024-43904		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These var
CVE-2024-43902		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity.
CVE-2024-43900		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the mo
CVE-2024-43899		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (
CVE-2024-43894		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL poin
CVE-2024-43892		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat
CVE-2024-43884		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the func
CVE-2024-43883		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 23, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak
CVE-2022-48941		—	< 5.14.21-150500.55.80.1	5.14.21-150500.55.80.1	Aug 22, 2024	In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some

CVE-2024-2201MedDec 19, 2024
affected < 5.14.21-150500.55.59.1fixed 5.14.21-150500.55.59.1
A cross-privilege Spectre v2 vulnerability allows attackers to bypass all deployed mitigations, including the recent Fine(IBT), and to leak arbitrary Linux kernel memory on Intel systems.
CVE-2023-4134Nov 14, 2024
affected < 5.14.21-150500.55.28.1fixed 5.14.21-150500.55.28.1
A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of ser
CVE-2024-44947Sep 2, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_
CVE-2024-44939Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fix null ptr deref in dtInsertEntry [syzbot reported] general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr-deref in range [0x0000
CVE-2024-44938Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix shift-out-of-bounds in dbDiscardAG When searching for the next smaller log2 block, BLKSTOL2() returned 0, causing shift exponent -1 to be negative. This patch fixes the issue by exiting the loop direc
CVE-2024-43893MedAug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: serial: core: check uartclk for zero to avoid divide by zero Calling ioctl TIOCSSERIAL with an invalid baud_base can result in uartclk being zero, which will result in a divide by zero error in uart_get_divisor
CVE-2024-43889MedAug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: padata: Fix possible divide-by-0 panic in padata_mt_helper() We are hit with a not easily reproducible divide-by-0 panic in padata.c at bootup time. [ 10.017908] Oops: divide error: 0000 1 PREEMPT SMP NOPT
CVE-2024-43909Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference for smu7 optimize the code to avoid pass a null pointer (hwmgr->backend) to function smu7_update_edc_leakage_table.
CVE-2024-43908Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix the null pointer dereference to ras_manager Check ras_manager before using it
CVE-2024-43907Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference
CVE-2024-43905Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference.
CVE-2024-43904Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These var
CVE-2024-43902Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity.
CVE-2024-43900Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the mo
CVE-2024-43899Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (
CVE-2024-43894Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL poin
CVE-2024-43892Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat
CVE-2024-43884Aug 26, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the func
CVE-2024-43883Aug 23, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak
CVE-2022-48941Aug 22, 2024
affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some

Page 1 of 95