rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (2,888)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47470 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading t | |
| CVE-2021-47468 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The followi | |
| CVE-2021-47467 | Med | 5.3 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the retu | |
| CVE-2021-47466 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources. | |
| CVE-2021-47465 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocate | |
| CVE-2021-47464 | Hig | 7.4 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: audit: fix possible null-pointer dereference in audit_filter_rules Fix possible null-pointer dereference in audit_filter_rules. audit_filter_rules() error: we previously assumed 'ctx' could be null | |
| CVE-2021-47463 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() Check for a NULL page->mapping before dereferencing the mapping in page_is_secretmem(), as the page's mapping can be nullified while gup() | |
| CVE-2021-47462 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() syzbot reported access to unitialized memory in mbind() [1] Issue came with commit bda420b98505 ("numa balancing: migrate on fau | |
| CVE-2021-47461 | Med | 4.7 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was | |
| CVE-2021-47460 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode f | |
| CVE-2021-47459 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv It will trigger UAF for rx_kref of j1939_priv as following. cpu0 cpu1 j1939_sk_bind(socket0, ndev0 | |
| CVE-2021-47458 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Probl | |
| CVE-2021-47457 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complete transmission, but do not check the result of wait_event_interruptible() which c | |
| CVE-2021-47456 | Hig | 8.4 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [ | |
| CVE-2021-47455 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies | |
| CVE-2021-47454 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline With PREEMPT_COUNT=y, when a CPU is offlined and then onlined again, we get: BUG: scheduling while atomic: swapper/1/0/0x00000000 no locks h | |
| CVE-2021-47453 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: Avoid crash from unnecessary IDA free In the remove path, there is an attempt to free the aux_idx IDA whether it was allocated or not. This can potentially cause a crash when unloading the driver on syste | |
| CVE-2021-47452 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter | |
| CVE-2021-47451 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value Currently, when the rule related to IDLETIMER is added, idletimer_tg timer structure is initialized by kmalloc on executing idlet | |
| CVE-2021-47450 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix host stage-2 PGD refcount The KVM page-table library refcounts the pages of concatenated stage-2 PGDs individually. However, when running KVM in protected mode, the host's stage-2 PGD is current |
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential use-after-free in slab_debugfs_fops When sysfs_slab_add failed, we shouldn't call debugfs_slab_add() for s because s will be freed soon. And slab_debugfs_fops will use s later leading t
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The followi
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: kunit: fix reference count leak in kfree_at_end The reference counting issue happens in the normal path of kfree_at_end(). When kunit_alloc_and_get_resource() is invoked, the function forgets to handle the retu
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: mm, slub: fix potential memoryleak in kmem_cache_open() In error path, the random_seq of slub cache might be leaked. Fix this by using __kmem_cache_release() to release all the relevant resources.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocate
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: audit: fix possible null-pointer dereference in audit_filter_rules Fix possible null-pointer dereference in audit_filter_rules. audit_filter_rules() error: we previously assumed 'ctx' could be null
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix NULL page->mapping dereference in page_is_secretmem() Check for a NULL page->mapping before dereferencing the mapping in page_is_secretmem(), as the page's mapping can be nullified while gup()
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: do not allow illegal MPOL_F_NUMA_BALANCING | MPOL_LOCAL in mbind() syzbot reported access to unitialized memory in mbind() [1] Issue came with commit bda420b98505 ("numa balancing: migrate on fau
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix a race between writeprotect and exit_mmap() A race is possible when a process exits, its VMAs are removed by exit_mmap() and at the same time userfaultfd_writeprotect() is called. The race was
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption after conversion from inline format Commit 6dbf7bb55598 ("fs: Don't invalidate page buffers in block_write_full_page()") uncovered a latent bug in ocfs2 conversion from inline inode f
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_netdev_start(): fix UAF for rx_kref of j1939_priv It will trigger UAF for rx_kref of j1939_priv as following. cpu0 cpu1 j1939_sk_bind(socket0, ndev0
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: ocfs2: mount fails with buffer overflow in strlen Starting with kernel 5.11 built with CONFIG_FORTIFY_SOURCE mouting an ocfs2 filesystem with either o2cb or pcmk cluster stack fails with the trace below. Probl
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: can: isotp: isotp_sendmsg(): add result check for wait_event_interruptible() Using wait_event_interruptible() to wait for complete transmission, but do not check the result of wait_event_interruptible() which c
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: can: peak_pci: peak_pci_remove(): fix UAF When remove the module peek_pci, referencing 'chan' again after releasing 'dev' will cause UAF. Fix this by releasing 'dev' later. The following log reveals it: [
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: ptp: Fix possible memory leak in ptp_clock_register() I got memory leak as follows when doing fault injection test: unreferenced object 0xffff88800906c618 (size 8): comm "i2c-idt82p33931", pid 4421, jiffies
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: powerpc/smp: do not decrement idle task preempt count in CPU offline With PREEMPT_COUNT=y, when a CPU is offlined and then onlined again, we get: BUG: scheduling while atomic: swapper/1/0/0x00000000 no locks h
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: ice: Avoid crash from unnecessary IDA free In the remove path, there is an attempt to free the aux_idx IDA whether it was allocated or not. This can potentially cause a crash when unloading the driver on syste
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: skip netdev events generated on netns removal syzbot reported following (harmless) WARN: WARNING: CPU: 1 PID: 2648 at net/netfilter/core.c:468 nft_netdev_unregister_hooks net/netfilter
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: xt_IDLETIMER: fix panic that occurs when timer_type has garbage value Currently, when the rule related to IDLETIMER is added, idletimer_tg timer structure is initialized by kmalloc on executing idlet
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix host stage-2 PGD refcount The KVM page-table library refcounts the pages of concatenated stage-2 PGDs individually. However, when running KVM in protected mode, the host's stage-2 PGD is current
Page 105 of 145