rpm package
suse/kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (1,350)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48970 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not h | |
| CVE-2022-48967 | Hig | 7.1 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nf | |
| CVE-2022-48962 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. | |
| CVE-2022-48960 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. | |
| CVE-2022-48956 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use | |
| CVE-2022-48947 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this | |
| CVE-2024-49991 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set | |
| CVE-2024-49982 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of d | |
| CVE-2024-49974 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimit | |
| CVE-2024-49969 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color ma | |
| CVE-2024-49936 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is call | |
| CVE-2024-49925 | Med | 5.5 | < 5.3.18-150300.59.185.1 | 5.3.18-150300.59.185.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UA | |
| CVE-2024-49867 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the k | |
| CVE-2024-49860 | Hig | 7.1 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory. | |
| CVE-2024-47747 | Hig | 7.0 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once t | |
| CVE-2024-47706 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | Λ | Λ | Λ | | | |
| CVE-2024-47684 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_r | |
| CVE-2024-47674 | Med | 5.5 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it | |
| CVE-2024-47668 | Med | 4.7 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Oct 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll sti | |
| CVE-2024-46849 | Hig | 7.8 | < 5.3.18-150300.59.182.1 | 5.3.18-150300.59.182.1 | Sep 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated |
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not h
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nf
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of d
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimit
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color ma
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is call
- affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UA
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the k
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once t
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | Λ | Λ | Λ | |
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_r
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Fix rare race in __genradix_ptr_alloc() If we need to increase the tree depth, allocate a new node, and then race with another thread that increased the tree depth before us, we'll sti
- affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: meson: axg-card: fix 'use-after-free' Buffer 'card->dai_link' is reallocated in 'meson_card_reallocate_links()', so move 'pad' pointer initialization after this function when memory is already reallocated
Page 27 of 68