rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (1,481)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-46915	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000
CVE-2021-46909	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), the PCI code will call the IRQ mapping function whenever a PCI driver is probe
CVE-2023-52474	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 26, 2024	In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs whe
CVE-2021-46906	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 26, 2024	In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a rep
CVE-2019-25162	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 26, 2024	In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde
CVE-2019-25160	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 26, 2024	In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the
CVE-2022-48626	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and
CVE-2021-46905	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unco
CVE-2021-46904	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the n
CVE-2023-52470	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.
CVE-2023-52469	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes t
CVE-2024-26600	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 24, 2024	In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et
CVE-2024-26595	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
CVE-2023-52464	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx
CVE-2023-52454	—	< 4.12.14-16.182.1	4.12.14-16.182.1	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel
CVE-2023-52451	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde
CVE-2023-52449	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read
CVE-2023-52445	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
CVE-2023-52443	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string
CVE-2024-26585	—	< 4.12.14-16.173.1	4.12.14-16.173.1	Feb 21, 2024	In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

CVE-2021-46915Feb 27, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000
CVE-2021-46909Feb 27, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), the PCI code will call the IRQ mapping function whenever a PCI driver is probe
CVE-2023-52474Feb 26, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs whe
CVE-2021-46906Feb 26, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a rep
CVE-2019-25162Feb 26, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde
CVE-2019-25160Feb 26, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the
CVE-2022-48626Feb 25, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and
CVE-2021-46905Feb 25, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unco
CVE-2021-46904Feb 25, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the n
CVE-2023-52470Feb 25, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.
CVE-2023-52469Feb 25, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes t
CVE-2024-26600Feb 24, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et
CVE-2024-26595Feb 23, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
CVE-2023-52464Feb 23, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx
CVE-2023-52454Feb 23, 2024
affected < 4.12.14-16.182.1fixed 4.12.14-16.182.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel
CVE-2023-52451Feb 22, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde
CVE-2023-52449Feb 22, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read
CVE-2023-52445Feb 22, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
CVE-2023-52443Feb 22, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string
CVE-2024-26585Feb 21, 2024
affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

Page 43 of 75