opensuse/kernel-syms&distro=openSUSE Leap 15.5

Vulnerabilities (1,895)

• CVE-2021-47188Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Improve SCSI abort handling The following has been observed on a test setup: WARNING: CPU: 4 PID: 250 at drivers/scsi/ufs/ufshcd.c:2737 ufshcd_queuecommand+0x468/0x65c Call trace: ufshcd_queu

• CVE-2021-47187Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: arm64: dts: qcom: msm8998: Fix CPU/L2 idle state latency and residency The entry/exit latency and minimum residency in state for the idle states of MSM8998 were ..bad: first of all, for all of them the timings

• CVE-2021-47186Apr 10, 2024
  affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1

  In the Linux kernel, the following vulnerability has been resolved: tipc: check for null after calling kmemdup kmemdup can return a null pointer so need to check for it, otherwise the null key will be dereferenced later in tipc_crypto_key_xmit as can be seen in the trace [1].

• CVE-2021-47185Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound

• CVE-2021-47184Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to syn

• CVE-2021-47183Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL

• CVE-2021-47182Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix scsi_mode_sense() buffer length handling Several problems exist with scsi_mode_sense() buffer length handling: 1) The allocation length field of the MODE SENSE(10) command is 16-bits, occu

• CVE-2021-47181Apr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.

• CVE-2024-26816MedApr 10, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is us

• CVE-2024-27437MedApr 5, 2024
  affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1

  In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Disable auto-enable of exclusive INTx IRQ Currently for devices requiring masking at the irqchip for INTx, ie. devices without DisINTx support, the IRQ is enabled in request_irq() and subsequently dis

• CVE-2024-26812MedApr 5, 2024
  affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

  In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL c

• CVE-2024-26814Apr 5, 2024
  affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1

  In the Linux kernel, the following vulnerability has been resolved: vfio/fsl-mc: Block calling interrupt handler without trigger The eventfd_ctx trigger pointer of the vfio_fsl_mc_irq object is initially NULL and may become NULL if the user sets the trigger eventfd to -1. The

• CVE-2024-26813Apr 5, 2024
  affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1

  In the Linux kernel, the following vulnerability has been resolved: vfio/platform: Create persistent IRQ handlers The vfio-platform SET_IRQS ioctl currently allows loopback triggering of an interrupt before a signaling eventfd has been configured by the user, which thereby allo

• CVE-2024-26808Apr 4, 2024
  affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevic

• CVE-2024-26787MedApr 4, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: mmc: mmci: stm32: fix DMA API overlapping mappings warning Turning on CONFIG_DMA_API_DEBUG_SG results in the following warning: DMA-API: mmci-pl18x 48220000.mmc: cacheline tracking EEXIST, overlapping mappings

• CVE-2024-26807Apr 4, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: Both cadence-quadspi ->runtime_suspend() and ->runtime_resume() implementations start with: struct cqspi_st *cqspi = dev_get_drvdata(dev); struct spi_controller *host = dev_get_drvdata(dev); This obviously c

• CVE-2024-26805Apr 4, 2024
  affected < 5.14.21-150500.55.62.1fixed 5.14.21-150500.55.62.1

  In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]: netlink_to_full_skb() creates a new `skb` and puts the `skb->data` passed as a 1st ar

• CVE-2024-26802Apr 4, 2024
  affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1

  In the Linux kernel, the following vulnerability has been resolved: stmmac: Clear variable when destroying workqueue Currently when suspending driver and stopping workqueue it is checked whether workqueue is not NULL and if so, it is destroyed. Function destroy_workqueue() does

• CVE-2024-26801Apr 4, 2024
  affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Avoid potential use-after-free in hci_error_reset While handling the HCI_EV_HARDWARE_ERROR event, if the underlying BT controller is not responding, the GPIO reset mechanism would free the hci_dev an

• CVE-2024-26800Apr 4, 2024
  affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1

  In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed.