rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (2,888)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53079 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings(uc, mc and all) in firmware are reset after EEH, mlx | ||
| CVE-2023-53078 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2 | ||
| CVE-2023-53077 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift | ||
| CVE-2023-53075 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Com | ||
| CVE-2023-53068 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak k | ||
| CVE-2023-53066 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with | ||
| CVE-2023-53065 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print | ||
| CVE-2023-53064 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: fff | ||
| CVE-2023-53062 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak | ||
| CVE-2023-53060 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE f | ||
| CVE-2023-53059 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by u | ||
| CVE-2023-53058 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. | ||
| CVE-2023-53056 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PR | ||
| CVE-2023-53054 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a ne | ||
| CVE-2023-53052 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have | ||
| CVE-2023-53051 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255 | ||
| CVE-2023-53049 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucs_acpi code to call ucsi_connecto | ||
| CVE-2023-53045 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resourc | ||
| CVE-2023-53044 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a | ||
| CVE-2023-53041 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_fre |
- CVE-2023-53079May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix steering rules cleanup vport's mc, uc and multicast rules are not deleted in teardown path when EEH happens. Since the vport's promisc settings(uc, mc and all) in firmware are reset after EEH, mlx
- CVE-2023-53078May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_dh_alua: Fix memleak for 'qdata' in alua_activate() If alua_rtpg_queue() failed from alua_activate(), then 'qdata' is not freed, which will cause following memleak: unreferenced object 0xffff88810b2
- CVE-2023-53077May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix shift-out-of-bounds in CalculateVMAndRowBytes [WHY] When PTEBufferSizeInRequests is zero, UBSAN reports the following warning because dml_log2 returns an unexpected negative value: shift
- CVE-2023-53075May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix invalid address access in lookup_rec() when index is 0 KASAN reported follow problem: BUG: KASAN: use-after-free in lookup_rec Read of size 8 at addr ffff000199270ff0 by task modprobe CPU: 2 Com
- CVE-2023-53068May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: lan78xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak k
- CVE-2023-53066May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with
- CVE-2023-53065May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print
- CVE-2023-53064May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: fff
- CVE-2023-53062May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak
- CVE-2023-53060May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE f
- CVE-2023-53059May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by u
- CVE-2023-53058May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code.
- CVE-2023-53056May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PR
- CVE-2023-53054May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a ne
- CVE-2023-53052May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have
- CVE-2023-53051May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255
- CVE-2023-53049May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucs_acpi code to call ucsi_connecto
- CVE-2023-53045May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resourc
- CVE-2023-53044May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a
- CVE-2023-53041May 2, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_fre
Page 47 of 145