rpm package
suse/kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (1,350)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48711 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. T | |
| CVE-2021-47620 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. Added check to beginning of loop p | |
| CVE-2021-47619 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP When XDP was configured on a system with large number of CPUs and X722 NIC there was a call trace with NULL pointer dereference. i40e 0000:87:00.0: failed to get tracking f | |
| CVE-2021-47618 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, bef | |
| CVE-2021-47617 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after | |
| CVE-2021-47612 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000 | |
| CVE-2021-47611 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present. | |
| CVE-2021-47609 | Hig | 7.8 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tr | |
| CVE-2021-47602 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot repor | |
| CVE-2021-47600 | Hig | 7.8 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). | |
| CVE-2021-47598 | Hig | 7.8 | < 5.3.18-150300.59.170.1 | 5.3.18-150300.59.170.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D | |
| CVE-2021-47596 | Hig | 7.8 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins | |
| CVE-2021-47595 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 | |
| CVE-2021-47589 | Hig | 7.8 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore | |
| CVE-2021-47583 | Med | 5.5 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was | |
| CVE-2021-47580 | Med | 6.6 | < 5.3.18-150300.59.170.1 | 5.3.18-150300.59.170.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va | |
| CVE-2021-47576 | Hig | 7.8 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 | |
| CVE-2024-38560 | Hig | 7.1 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that | |
| CVE-2024-38559 | Med | 4.4 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t | |
| CVE-2024-38545 | Hig | 7.8 | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc |
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. T
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: refactor malicious adv data check Check for out-of-bound read was being performed at the end of while num_reports loop, and would fill journal with false positives. Added check to beginning of loop p
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix queues reservation for XDP When XDP was configured on a system with large number of CPUs and X722 NIC there was a call trace with NULL pointer dereference. i40e 0000:87:00.0: failed to get tracking f
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: ARM: 9170/1: fix panic when kasan and kprobe are enabled arm32 uses software to simulate the instruction replaced by kprobe. some instructions may be simulated by constructing assembly functions. therefore, bef
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: PCI: pciehp: Fix infinite loop in IRQ handler upon power fault The Power Fault Detected bit in the Slot Status register differs from all other hotplug events in that it is sticky: It can only be cleared after
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: nfc: fix segfault in nfc_genl_dump_devices_done When kmalloc in nfc_genl_dump_devices() fails then nfc_genl_dump_devices_done() segfaults as below KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: validate extended element ID is present Before attempting to parse an extended element, verify that the extended element ID is present.
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tr
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot repor
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().
- affected < 5.3.18-150300.59.170.1fixed 5.3.18-150300.59.170.1
In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was
- affected < 5.3.18-150300.59.170.1fixed 5.3.18-150300.59.170.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t
- affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc
Page 33 of 68