rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP2
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2
Vulnerabilities (997)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-46924 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unre | |
| CVE-2021-46921 | Med | 5.5 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the va | |
| CVE-2021-46915 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000 | |
| CVE-2021-46909 | Med | 5.5 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), the PCI code will call the IRQ mapping function whenever a PCI driver is probe | |
| CVE-2023-52474 | Hig | 7.8 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs whe | |
| CVE-2021-46906 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a rep | |
| CVE-2019-25162 | Hig | 7.8 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde | |
| CVE-2024-26602 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize | |
| CVE-2024-26600 | Med | 5.5 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et | |
| CVE-2023-52470 | Med | 5.5 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref. | |
| CVE-2023-52469 | Hig | 7.8 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes t | |
| CVE-2022-48626 | Hig | 7.8 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and | |
| CVE-2021-46905 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unco | |
| CVE-2021-46904 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the n | |
| CVE-2024-26595 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer | |
| CVE-2023-52463 | Med | 5.5 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as | |
| CVE-2023-52454 | Med | 5.5 | < 5.3.18-150200.24.188.1 | 5.3.18-150200.24.188.1 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel | |
| CVE-2024-26593 | Hig | 7.1 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t | |
| CVE-2024-26589 | Hig | 7.8 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So th | |
| CVE-2024-26586 | Med | 6.7 | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Feb 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn, |
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unre
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the va
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), the PCI code will call the IRQ mapping function whenever a PCI driver is probe
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix bugs with non-PAGE_SIZE-end multi-iovec user SDMA requests hfi1 user SDMA request processing has two bugs that can cause data corruption for user SDMA requests that have multiple payload iovecs whe
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: fix info leak in hid_submit_ctrl In hid_submit_ctrl(), the way of calculating the report length doesn't take into account that report->size can be zero. When running the syzkaller reproducer, a rep
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: sched/membarrier: reduce the ability to hammer on sys_membarrier On some systems, sys_membarrier can be very expensive, causing overall slowdowns for everything. So put a lock on the path in order to serialize
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes t
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unco
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the n
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: efivarfs: force RO when remounting if SetVariable is not supported If SetVariable at runtime is not supported by the firmware we never assign a callback for that function. At the same time mount the efivarfs as
- affected < 5.3.18-150200.24.188.1fixed 5.3.18-150200.24.188.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Fix block process call transactions According to the Intel datasheets, software must reset the block buffer index twice for block process call transactions: once before writing the outgoing data to t
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Reject variable offset alu on PTR_TO_FLOW_KEYS For PTR_TO_FLOW_KEYS, check_flow_keys_access() only uses fixed off for validation. However, variable offset ptr alu is not prohibited for this ptr kind. So th
- affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix stack corruption When tc filters are first added to a net device, the corresponding local port gets bound to an ACL group in the device. The group contains a list of ACLs. In turn,
Page 21 of 50