rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
Vulnerabilities (3,305)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-43905 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference. | ||
| CVE-2024-43900 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the mo | ||
| CVE-2024-43892 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat | ||
| CVE-2024-43884 | — | < 4.12.14-122.231.1 | 4.12.14-122.231.1 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the func | ||
| CVE-2024-43883 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak | ||
| CVE-2022-48938 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overf | ||
| CVE-2022-48931 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes ad | ||
| CVE-2022-48930 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() | ||
| CVE-2022-48943 | — | < 4.12.14-122.231.1 | 4.12.14-122.231.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to | ||
| CVE-2022-48925 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditiona | ||
| CVE-2022-48920 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr(): | ||
| CVE-2022-48919 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free | ||
| CVE-2022-48911 | — | < 4.12.14-122.231.1 | 4.12.14-122.231.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet | ||
| CVE-2022-48910 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the int | ||
| CVE-2022-48905 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | ||
| CVE-2023-52907 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the | ||
| CVE-2023-52901 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva | ||
| CVE-2023-52898 | — | < 4.12.14-122.234.1 | 4.12.14-122.234.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev | ||
| CVE-2023-52893 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access | ||
| CVE-2022-48899 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the |
- CVE-2024-43905Aug 26, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference.
- CVE-2024-43900Aug 26, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the mo
- CVE-2024-43892Aug 26, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat
- CVE-2024-43884Aug 26, 2024affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the func
- CVE-2024-43883Aug 23, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak
- CVE-2022-48938Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overf
- CVE-2022-48931Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes ad
- CVE-2022-48930Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync()
- CVE-2022-48943Aug 22, 2024affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86/mmu: make apf token non-zero to fix bug In current async pagefault logic, when a page is ready, KVM relies on kvm_arch_can_dequeue_async_page_present() to determine whether to deliver a READY event to
- CVE-2022-48925Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditiona
- CVE-2022-48920Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: get rid of warning on transaction commit when using flushoncommit When using the flushoncommit mount option, during almost every transaction commit we trigger a warning from __writeback_inodes_sb_nr():
- CVE-2022-48919Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free
- CVE-2022-48911Aug 22, 2024affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet
- CVE-2022-48910Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: net: ipv6: ensure we call ipv6_mc_down() at most once There are two reasons for addrconf_notify() to be called with NETDEV_DOWN: either the network device is actually going down, or IPv6 was disabled on the int
- CVE-2022-48905Aug 22, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.
- CVE-2023-52907Aug 21, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the
- CVE-2023-52901Aug 21, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva
- CVE-2023-52898Aug 21, 2024affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev
- CVE-2023-52893Aug 21, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: gsmi: fix null-deref in gsmi_get_variable We can get EFI variables without fetching the attribute, so we must allow for that in gsmi. commit 859748255b43 ("efi: pstore: Omit efivars caching EFI varstore access
- CVE-2022-48899Aug 21, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Fix GEM handle creation UAF Userspace can guess the handle value and try to race GEM object creation with handle close, resulting in a use-after-free if we dereference the object after dropping the
Page 91 of 166