rpm package
suse/kernel-64kb&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/kernel-64kb&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (1,350)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46963 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_t | |
| CVE-2021-46962 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in order to balance a 'tmio_mmc_host_alloc()' call in the probe. This is done in the | |
| CVE-2021-46961 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut | |
| CVE-2021-46960 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947] | |
| CVE-2021-46958 | Med | 4.7 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which le | |
| CVE-2021-46956 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error (t | |
| CVE-2021-46955 | Hig | 7.1 | < 5.3.18-150300.59.161.1 | 5.3.18-150300.59.161.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN | |
| CVE-2021-46953 | Med | 6.7 | < 5.3.18-150300.59.153.2 | 5.3.18-150300.59.153.2 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However | |
| CVE-2021-46951 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tp | |
| CVE-2021-46950 | Hig | 7.8 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being | |
| CVE-2021-46944 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imu_fmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that. | |
| CVE-2021-46943 | Hig | 7.8 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating | |
| CVE-2021-46939 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following back | |
| CVE-2021-46938 | Hig | 7.8 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for th | |
| CVE-2020-36777 | Med | 5.5 | < 5.3.18-150300.59.153.2 | 5.3.18-150300.59.153.2 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The m | |
| CVE-2021-46934 | Low | 3.3 | < 5.3.18-150300.59.153.2 | 5.3.18-150300.59.153.2 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data i | |
| CVE-2021-46933 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou | |
| CVE-2021-46932 | Med | 5.5 | < 5.3.18-150300.59.153.2 | 5.3.18-150300.59.153.2 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may hap | |
| CVE-2021-46931 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5e_tx_reporter_dump_sq() casts its void * argument to struct mlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually o | |
| CVE-2021-46930 | Med | 5.5 | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4 Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34 |
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_t
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: mmc: uniphier-sd: Fix a resource leak in the remove function A 'tmio_mmc_host_free()' call is missing in the remove function, in order to balance a 'tmio_mmc_host_alloc()' call in the probe. This is done in the
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Do not enable irqs when handling spurious interrups We triggered the following error while running our 4.19 kernel with the pseudo-NMI patches backported to it: [ 14.816231] ------------[ cut
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947]
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which le
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: virtiofs: fix memory leak in virtio_fs_probe() When accidentally passing twice the same tag to qemu, kmemleak ended up reporting a memory leak in virtiofs. Also, looking at the log I saw the following error (t
- affected < 5.3.18-150300.59.161.1fixed 5.3.18-150300.59.161.1
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN
- affected < 5.3.18-150300.59.153.2fixed 5.3.18-150300.59.153.2
In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: tpm: efi: Use local variable for calculating final log size When tpm_read_log_efi is called multiple times, which happens when one loads and unloads a TPM2 driver multiple times, then the global variable efi_tp
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix memory leak in imu_fmt We are losing the reference to an allocated memory if try. Change the order of the check to avoid that.
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: media: staging/intel-ipu3: Fix set_fmt error handling If there in an error during a set_fmt, do not overwrite the previous sizes with the invalid config. Without this patch, v4l2-compliance ends up allocating
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following back
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for th
- affected < 5.3.18-150300.59.153.2fixed 5.3.18-150300.59.153.2
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The m
- affected < 5.3.18-150300.59.153.2fixed 5.3.18-150300.59.153.2
In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data i
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou
- affected < 5.3.18-150300.59.153.2fixed 5.3.18-150300.59.153.2
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may hap
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Wrap the tx reporter dump callback to extract the sq Function mlx5e_tx_reporter_dump_sq() casts its void * argument to struct mlx5e_txqsq *, but in TX-timeout-recovery flow the argument is actually o
- affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: usb: mtu3: fix list_head check warning This is caused by uninitialization of list_head. BUG: KASAN: use-after-free in __list_del_entry_valid+0x34/0xe4 Call trace: dump_backtrace+0x0/0x298 show_stack+0x24/0x34
Page 53 of 68