VYPR

rpm package

opensuse/kernel-obs-build&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/kernel-obs-build&distro=openSUSE%20Leap%2015.5

Vulnerabilities (1,895)

  • CVE-2023-52907Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the

  • CVE-2023-52906Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination acco

  • CVE-2023-52905Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch f

  • CVE-2023-52904Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.

  • CVE-2023-52901Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva

  • CVE-2023-52900Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block a

  • CVE-2023-52899Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of ax

  • CVE-2023-52898Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev

  • CVE-2023-52896Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas, we can end up hitting a

  • CVE-2023-52894Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device.

  • CVE-2023-52893Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access

  • CVE-2022-48899Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the

  • CVE-2022-48898Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: do not complete dp_aux_cmd_fifo_tx() if irq is not for aux transfer There are 3 possible interrupt sources are handled by DP controller, HPDstatus, Controller state changes and Aux read/write transa

  • CVE-2022-48896Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: ixgbe: fix pci device refcount leak As the comment of pci_get_domain_bus_and_slot() says, it returns a PCI device with refcount incremented, when finish using it, the caller must decrement the reference count b

  • CVE-2022-48893Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Cleanup partial engine discovery failures If we abort driver initialisation in the middle of gt/engine discovery, some engines will be fully setup and some not. Those incompletely setup engines onl

  • CVE-2022-48891Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: regulator: da9211: Use irq handler when ready If the system does not come from reset (like when it is kexec()), the regulator might have an IRQ waiting for us. If we enable the IRQ handler before its structure

  • CVE-2022-48890Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Fix swiotlb bounce buffer leak in confidential VM storvsc_queuecommand() maps the scatter/gather list using scsi_dma_map(), which in a confidential VM allocates swiotlb bounce buffers. If the I/O

  • CVE-2022-48889Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: Intel: sof-nau8825: fix module alias overflow The maximum name length for a platform_device_id entry is 20 characters including the trailing NUL byte. The sof_nau8825.c file exceeds that, which causes an

  • CVE-2022-48888Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Fix memory leak in msm_mdss_parse_data_bus_icc_path of_icc_get() alloc resources for path1, we should release it when not need anymore. Early return when IS_ERR_OR_NULL(path0) may leak path1. Defer

  • CVE-2022-48887Aug 21, 2024
    affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Remove rcu locks from user resources User resource lookups used rcu to avoid two extra atomics. Unfortunately the rcu paths were buggy and it was easy to make the driver crash by submitting command

Page 4 of 95