rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (2,888)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48930 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() | |
| CVE-2022-48929 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate | |
| CVE-2022-48928 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call, | |
| CVE-2022-48927 | Hig | 7.8 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels + timestamp channel. On other side we have an array allocated onl | |
| CVE-2022-48926 | Hig | 7.8 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to ad | |
| CVE-2022-48925 | Hig | 7.8 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditiona | |
| CVE-2022-48924 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 (size 32): comm "kworker/0:2", pid 112, jiffies | |
| CVE-2022-48923 | Med | 5.5 | < 5.14.21-150400.24.136.1 | 5.14.21-150400.24.136.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copy_compressed_segment to write o | |
| CVE-2022-48921 | Med | 4.7 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") There is a ra | |
| CVE-2022-48919 | Hig | 7.8 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free | |
| CVE-2022-48918 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses an invalid/unchecked debugfs_dir pointer and causes a BUG: BUG: kernel NULL poin | |
| CVE-2022-48916 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids | |
| CVE-2022-48915 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the thermal zone does not define one. | |
| CVE-2022-48914 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 ("net-sysfs: | |
| CVE-2022-48913 | Hig | 7.8 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free() won't remove those files. W | |
| CVE-2022-48912 | Hig | 7.8 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASA | |
| CVE-2022-48911 | Med | 5.5 | < 5.14.21-150400.24.136.1 | 5.14.21-150400.24.136.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet | |
| CVE-2022-48909 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ... | |
| CVE-2022-48907 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc(). | |
| CVE-2022-48905 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. |
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync()
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: iio: adc: men_z188_adc: Fix a resource leak in an error handling path If iio_device_register() fails, a previous ioremap() is left unbalanced. Update the error handling path and add the missing iounmap() call,
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: iio: adc: tsc2046: fix memory corruption by preventing array overflow On one side we have indio_dev->num_channels includes all physical channels + timestamp channel. On other side we have an array allocated onl
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: add spinlock for rndis response list There's no lock for rndis response list. It could cause list corruption if there're two different list_add at the same time like below. It's better to ad
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditiona
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: thermal: int340x: fix memory leak in int3400_notify() It is easy to hit the below memory leaks in my TigerLake platform: unreferenced object 0xffff927c8b91dbc0 (size 32): comm "kworker/0:2", pid 112, jiffies
- affected < 5.14.21-150400.24.136.1fixed 5.14.21-150400.24.136.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: prevent copying too big compressed lzo segment Compressed length can be corrupted to be a lot larger than memory we have allocated for buffer. This will cause memcpy in copy_compressed_segment to write o
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix fault in reweight_entity Syzbot found a GPF in reweight_entity. This has been bisected to commit 4ef0c5c6b5ba ("kernel/sched: Fix sched_fork() access an invalid sched_task_group") There is a ra
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: mvm: check debugfs_dir ptr before use When "debugfs=off" is used on the kernel command line, iwiwifi's mvm module uses an invalid/unchecked debugfs_dir pointer and causes a BUG: BUG: kernel NULL poin
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the thermal zone does not define one.
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 ("net-sysfs:
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free() won't remove those files. W
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASA
- affected < 5.14.21-150400.24.136.1fixed 5.14.21-150400.24.136.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ...
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.
Page 89 of 145