rpm package
suse/kernel-azure&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (1,481)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38627 | Hig | 7.8 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free. | |
| CVE-2024-38621 | Hig | 7.1 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. Wh | |
| CVE-2024-38381 | Hig | 7.1 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and | |
| CVE-2024-36286 | Med | 5.5 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206 | |
| CVE-2024-36270 | Med | 5.5 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr | |
| CVE-2022-48771 | Hig | 7.8 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use | |
| CVE-2022-48769 | Med | 5.5 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a ca | |
| CVE-2022-48761 | Med | 5.3 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linke | |
| CVE-2022-48760 | Hig | 7.1 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR | |
| CVE-2022-48759 | Hig | 7.0 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev i | |
| CVE-2022-48758 | Med | 5.5 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remo | |
| CVE-2022-48756 | Med | 5.5 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check | |
| CVE-2022-48754 | Hig | 8.4 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put | |
| CVE-2022-48751 | Med | 4.7 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, ad | |
| CVE-2022-48743 | Med | 5.5 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the | |
| CVE-2022-48740 | Hig | 7.8 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NU | |
| CVE-2022-48733 | Hig | 7.8 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that | |
| CVE-2022-48732 | Hig | 7.8 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's wit | |
| CVE-2021-4439 | Hig | 7.8 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta | |
| CVE-2022-48722 | Med | 5.5 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structu |
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: stm class: Fix a double free in stm_register_device() The put_device(&stm->dev) call will trigger stm_device_release() which frees "stm" so the vfree(stm) on the next line is a double free.
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: fix bounds checking in stk1160_copy_video() The subtract in this condition is reversed. The ->length is the length of the buffer. The ->bytesused is how many bytes we have copied thus far. Wh
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: tproxy: bail out if IP has been disabled on the device syzbot reports: general protection fault, probably for non-canonical address 0xdffffc0000000003: 0000 [#1] PREEMPT SMP KASAN PTI KASAN: null-ptr
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a ca
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: usb: xhci-plat: fix crash when suspend if remote wake enable Crashed at i.mx8qm platform when suspend if enable remote wakeup Internal error: synchronous external abort: 96000210 [#1] PREEMPT SMP Modules linke
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev i
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remo
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: Transitional solution for clcsock race issue We encountered a crash in smc_setsockopt() and it is caused by accessing smc->clcsock after clcsock was released. BUG: kernel NULL pointer dereference, ad
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fix skb data length underflow There will be BUG_ON() triggered in include/linux/skbuff.h leading to intermittent kernel panic, when the skb length underflow is detected. Fix this by dropping the
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: selinux: fix double free of cond_list on error paths On error path from cond_read_list() and duplicate_policydb_cond_list() the cond_list_destroy() gets called a second time in caller functions, resulting in NU
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free after failure to create a snapshot At ioctl.c:create_snapshot(), we allocate a pending snapshot structure and then attach it to the transaction's list of pending snapshots. After that
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's wit
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: ca8210: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. We then leak the skb structure. Free the skb structu
Page 13 of 75