rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (4,709)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48644 | Med | 5.5 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commi | |
| CVE-2022-48642 | Med | 5.5 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priorit | |
| CVE-2022-48640 | Med | 5.5 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory req | |
| CVE-2022-48639 | Med | 5.5 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix possible refcount leak in tc_new_tfilter() tfilter_put need to be called to put the refount got by tp->ops->get to avoid possible refcount leak when chain->tmplt_ops != NULL and chain->tmplt_ops | |
| CVE-2022-48638 | Med | 5.3 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroup_get_from_id() must check the looked-up kn is a directory cgroup has to be one kernfs dir, otherwise kernel panic is caused, especially cgroup id is provide from userspace. | |
| CVE-2022-48637 | Hig | 7.8 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxt_tx_int() hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards | |
| CVE-2022-48636 | Med | 5.5 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entranc | |
| CVE-2022-48634 | Med | 5.3 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reaso | |
| CVE-2022-48633 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_ | |
| CVE-2022-48632 | Hig | 7.8 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments. | |
| CVE-2022-48631 | Med | 5.5 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsearch_idx() function assumes that the extent header has been previously validated. | |
| CVE-2024-26928 | Hig | 7.8 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF. | |
| CVE-2024-26927 | Hig | 8.4 | < 5.14.21-150500.55.62.2 | 5.14.21-150500.55.62.2 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However | |
| CVE-2023-52646 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set | |
| CVE-2024-26925 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC | |
| CVE-2024-26924 | Med | 5.9 | < 5.14.21-150500.55.91.1 | 5.14.21-150500.55.91.1 | Apr 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... ad | |
| CVE-2024-26923 | Med | 4.7 | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Apr 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM | |
| CVE-2024-26922 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place. | |
| CVE-2024-26921 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call retu | |
| CVE-2024-26920 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register sn |
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: avoid disabling offload when it was never enabled In an incredibly strange API design decision, qdisc->destroy() gets called even if qdisc->init() never succeeded, not exclusively since commi
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix percpu memory leak at nf_tables_addchain() It seems to me that percpu memory for chain stats started leaking since commit 3bc158f8d0330f0a ("netfilter: nf_tables: map basechain priorit
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: bonding: fix NULL deref in bond_rr_gen_slave_id Fix a NULL dereference of the struct bonding.rr_tx_counter member because if a bond is initially created with an initial mode != zero (Round Robin) the memory req
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix possible refcount leak in tc_new_tfilter() tfilter_put need to be called to put the refount got by tp->ops->get to avoid possible refcount leak when chain->tmplt_ops != NULL and chain->tmplt_ops
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroup_get_from_id() must check the looked-up kn is a directory cgroup has to be one kernfs dir, otherwise kernel panic is caused, especially cgroup id is provide from userspace.
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: bnxt: prevent skb UAF after handing over to PTP worker When reading the timestamp is required bnxt_tx_int() hands over the ownership of the completed skb to the PTP worker. The skb should not be used afterwards
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entranc
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix BUG: sleeping function called from invalid context errors gma_crtc_page_flip() was holding the event_lock spinlock while calling crtc_funcs->mode_set_base() which takes ww_mutex. The only reaso
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: Fix WARN_ON(lock->magic != lock) error psb_gem_unpin() calls dma_resv_lock() but the underlying ww_mutex gets destroyed by drm_gem_object_release() move the drm_gem_object_release() call in psb_gem_
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: i2c: mlxbf: prevent stack overflow in mlxbf_i2c_smbus_start_transaction() memcpy() is called in a loop while 'operation->length' upper bound is not checked and 'data_idx' also increments.
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsearch_idx() function assumes that the extent header has been previously validated.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_debug_files_proc_show() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.
- affected < 5.14.21-150500.55.62.2fixed 5.14.21-150500.55.62.2
In the Linux kernel, the following vulnerability has been resolved: ASoC: SOF: Add some bounds checking to firmware data Smatch complains about "head->full_size - head->header_size" can underflow. To some extent, we're always going to have to trust the firmware a bit. However
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: aio: fix mremap after fork null-deref Commit e4a0d3e720e7 ("aio: Make it possible to remap aio ring") introduced a null-deref if mremap is called on an old aio mapping after fork as mm->ioctx_table will be set
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC
- affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... ad
- affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix garbage collector racing against connect() Garbage collector does not take into account the risk of embryo getting enqueued during the garbage collection. If such embryo has a peer that carries SCM
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: validate the parameters of bo mapping operations more clearly Verify the parameters of amdgpu_vm_bo_(map/replace_map/clearing_mappings) in one common place.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call retu
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: tracing/trigger: Fix to return error if failed to alloc snapshot Fix register_snapshot_trigger() to return error code if it failed to allocate a snapshot instead of 0 (success). Unless that, it will register sn
Page 204 of 236