rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (2,888)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52875 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52873 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52872 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data que | |
| CVE-2023-52871 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if | |
| CVE-2023-52870 | Med | 4.1 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52868 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. | |
| CVE-2023-52867 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access. | |
| CVE-2023-52865 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52864 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi | |
| CVE-2023-52858 | Med | 6.2 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52856 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only | |
| CVE-2023-52855 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue(): | |
| CVE-2023-52854 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0 | |
| CVE-2023-52853 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ | |
| CVE-2023-52847 | Hig | 7.0 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_dele | |
| CVE-2023-52846 | Hig | 7.8 | < 5.14.21-150400.24.125.1 | 5.14.21-150400.24.125.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. | |
| CVE-2023-52844 | Med | 6.2 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. | |
| CVE-2023-52841 | Med | 5.5 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Add check and kfree for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. Moreover, use kfree() in the later err | |
| CVE-2023-52840 | Hig | 7.8 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. | |
| CVE-2023-52838 | Med | 6.2 | < 5.14.21-150400.24.122.2 | 5.14.21-150400.24.122.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs). |
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt2701: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data que
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_dele
- affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1
In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Add check and kfree for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. Moreover, use kfree() in the later err
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free.
- affected < 5.14.21-150400.24.122.2fixed 5.14.21-150400.24.122.2
In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs).
Page 107 of 145