rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
Vulnerabilities (4,170)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52870 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52869 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: pstore/platform: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. | ||
| CVE-2023-52868 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. | ||
| CVE-2023-52867 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access. | ||
| CVE-2023-52866 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In | ||
| CVE-2023-52865 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52864 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi | ||
| CVE-2023-52863 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (axi-fan-control) Fix possible NULL pointer dereference axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That | ||
| CVE-2023-52862 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original messa | ||
| CVE-2023-52861 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as | ||
| CVE-2023-52860 | — | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregist | ||
| CVE-2023-52859 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore p | ||
| CVE-2023-52858 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52857 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. A | ||
| CVE-2023-52856 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only | ||
| CVE-2023-52855 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue(): | ||
| CVE-2023-52854 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0 | ||
| CVE-2023-52853 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ | ||
| CVE-2023-52851 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_reso | ||
| CVE-2023-52850 | — | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avo |
- CVE-2023-52870May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52869May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: pstore/platform: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.
- CVE-2023-52868May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow.
- CVE-2023-52867May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access.
- CVE-2023-52866May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In
- CVE-2023-52865May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52864May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi
- CVE-2023-52863May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: hwmon: (axi-fan-control) Fix possible NULL pointer dereference axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That
- CVE-2023-52862May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original messa
- CVE-2023-52861May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as
- CVE-2023-52860May 21, 2024affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: use cpuhp_state_remove_instance_nocalls() for hisi_hns3_pmu uninit process When tearing down a 'hisi_hns3' PMU, we mistakenly run the CPU hotplug callbacks after the device has been unregist
- CVE-2023-52859May 21, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: perf: hisi: Fix use-after-free when register pmu fails When we fail to register the uncore pmu, the pmu context may not been allocated. The error handing will call cpuhp_state_remove_instance() to call uncore p
- CVE-2023-52858May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52857May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. A
- CVE-2023-52856May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only
- CVE-2023-52855May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():
- CVE-2023-52854May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0
- CVE-2023-52853May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ
- CVE-2023-52851May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_reso
- CVE-2023-52850May 21, 2024affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avo
Page 179 of 209