suse/kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

Vulnerabilities (2,318)

• CVE-2022-49058Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be

• CVE-2022-49057Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: block: null_blk: end timed out poll request When poll request is timed out, it is removed from the poll list, but not completed, so the request is leaked, and never get chance to complete. Fix the issue by end

• CVE-2022-49055Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the re

• CVE-2022-49054Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Deactivate sysctl_record_panic_msg by default in isolated guests hv_panic_page might contain guest-sensitive information, do not dump it over to Hyper-V by default in isolated guests. While

• CVE-2022-49053Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: target: tcmu: Fix possible page UAF tcmu_try_get_data_page() looks up pages under cmdr_lock, but it does not take refcount properly and just returns page pointer. When tcmu_try_get_data_page() returns, th

• CVE-2022-49051Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: net: usb: aqc111: Fix out-of-bounds accesses in RX fixup aqc111_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The metadata

• CVE-2022-49050Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: memory: renesas-rpc-if: fix platform-device leak in error path Make sure to free the flash platform device in the event that registration fails during probe.

• CVE-2022-49044Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: dm integrity: fix memory corruption when tag_size is less than digest size It is possible to set up dm-integrity in such a way that the "tag_size" parameter is less than the actual digest size. In this situatio

• CVE-2021-47657Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtio_gpu_array_put_free() If virtio_gpu_object_shmem_init() fails (e.g. due to fault injection, as it happened in the bug report by syzbot), virtio_gpu_array_put_fr

• CVE-2021-47656Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: jffs2: fix use-after-free in jffs2_clear_xattr_subsystem When we mount a jffs2 image, assume that the first few blocks of the image are normal and contain at least one xattr-related inode, but the next block is

• CVE-2021-47654Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: samples/landlock: Fix path_list memory leak Clang static analysis reports this error sandboxer.c:134:8: warning: Potential leak of memory pointed to by 'path_list' ret = 0; ^ path_list

• CVE-2021-47653Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: media: davinci: vpif: fix use-after-free on driver unbind The driver allocates and registers two platform device structures during probe, but the devices were never deregistered on driver unbind. This results

• CVE-2021-47652Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: video: fbdev: smscufx: Fix null-ptr-deref in ufx_usb_probe() I got a null-ptr-deref report: BUG: kernel NULL pointer dereference, address: 0000000000000000 ... RIP: 0010:fb_destroy_modelist+0x38/0x100 ... Call

• CVE-2021-47651Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: soc: qcom: rpmpd: Check for null return of devm_kcalloc Because of the possible failure of the allocation, data->domains might be NULL pointer and will cause the dereference of the NULL pointer later. Therefore

• CVE-2021-47650Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-compress: prevent the potentially use of null pointer There is one call trace that snd_soc_register_card() ->snd_soc_bind_card()->soc_init_pcm_runtime() ->snd_soc_dai_compress_new()->snd_soc_new_compr

• CVE-2021-47649Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf->pagecount Syzbot has reported GPF in sg_alloc_append_table_from_pages(). The problem was in ubuf->pages == ZERO_PTR. ubuf->pagecount is calculated from arguments passed from user-space.

• CVE-2021-47648Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: gpu: host1x: Fix a memory leak in 'host1x_remove()' Add a missing 'host1x_channel_list_free()' call in the remove function, as already done in the error handling path of the probe function.

• CVE-2021-47647Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: clk: qcom: ipq8074: fix PCI-E clock oops Fix PCI-E clock related kernel oops that are caused by a missing clock parent. pcie0_rchng_clk_src has num_parents set to 2 but only one parent is actually set via pare

• CVE-2021-47646Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: Revert "Revert "block, bfq: honor already-setup queue merges"" A crash [1] happened to be triggered in conjunction with commit 2d52c58b9c9b ("block, bfq: honor already-setup queue merges"). The latter was then

• CVE-2021-47645Feb 26, 2025
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: media: staging: media: zoran: calculate the right buffer number for zoran_reap_stat_com On the case tmp_dcim=1, the index of buffer is miscalculated. This generate a NULL pointer dereference later. So let's fi