rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Vulnerabilities (812)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48839 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[] | ||
| CVE-2022-48821 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd( | ||
| CVE-2022-48805 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The m | ||
| CVE-2022-48802 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/proc: task_mmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392 | ||
| CVE-2022-48792 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_ | ||
| CVE-2022-48791 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti | ||
| CVE-2023-52885 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 14, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed lis | ||
| CVE-2024-40937 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags | ||
| CVE-2024-39494 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its paren | ||
| CVE-2023-52340 | — | < 5.3.18-150200.24.183.1 | 5.3.18-150200.24.183.1 | Jul 5, 2024 | The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. | ||
| CVE-2021-4439 | — | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta | ||
| CVE-2022-48771 | — | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use | ||
| CVE-2022-48760 | — | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR | ||
| CVE-2022-48711 | — | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. T | ||
| CVE-2021-47600 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). | ||
| CVE-2021-47598 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D | ||
| CVE-2021-47589 | — | < 5.3.18-150200.24.209.1 | 5.3.18-150200.24.209.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore | ||
| CVE-2021-47583 | — | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was | ||
| CVE-2021-47580 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va | ||
| CVE-2024-38560 | Hig | 7.1 | < 5.3.18-150200.24.197.1 | 5.3.18-150200.24.197.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that |
- CVE-2022-48839Jul 16, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[]
- CVE-2022-48821Jul 16, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd(
- CVE-2022-48805Jul 16, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The m
- CVE-2022-48802Jul 16, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: fs/proc: task_mmu.c: don't read mapcount for migration entry The syzbot reported the below BUG: kernel BUG at include/linux/page-flags.h:785! invalid opcode: 0000 [#1] PREEMPT SMP KASAN CPU: 1 PID: 4392
- CVE-2022-48792Jul 16, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_
- CVE-2022-48791Jul 16, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti
- CVE-2023-52885Jul 14, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed lis
- CVE-2024-40937Jul 12, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags
- CVE-2024-39494Jul 12, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its paren
- CVE-2023-52340Jul 5, 2024affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
- CVE-2021-4439Jun 20, 2024affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta
- CVE-2022-48771Jun 20, 2024affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use
- CVE-2022-48760Jun 20, 2024affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR
- CVE-2022-48711Jun 20, 2024affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. T
- CVE-2021-47600Jun 19, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().
- CVE-2021-47598Jun 19, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D
- CVE-2021-47589Jun 19, 2024affected < 5.3.18-150200.24.209.1fixed 5.3.18-150200.24.209.1
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore
- CVE-2021-47583Jun 19, 2024affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was
- CVE-2021-47580Jun 19, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va
- affected < 5.3.18-150200.24.197.1fixed 5.3.18-150200.24.197.1
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that
Page 5 of 41