rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Vulnerabilities (1,794)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-49589	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such chang
CVE-2022-49584	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to ha
CVE-2022-49581	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in be_get_module_eeprom be_cmd_read_port_transceiver_data assumes that it is given a buffer that is at least PAGE_DATA_LEN long, or twice that if the module supports SFF 8472. Howeve
CVE-2022-49578	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/stor
CVE-2022-49566	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit c
CVE-2022-49564	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatt
CVE-2022-49563	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scat
CVE-2022-49561	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the
CVE-2022-49555	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggere
CVE-2022-49546	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dum
CVE-2022-49545	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is bei
CVE-2022-49544	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference
CVE-2022-49542	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_i
CVE-2022-49538	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize ac
CVE-2022-49537	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf
CVE-2022-49536	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irq
CVE-2022-49535	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the
CVE-2022-49534	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s l
CVE-2022-49532	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJE
CVE-2022-49530	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and

CVE-2022-49589Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: igmp: Fix data-races around sysctl_igmp_qrv. While reading sysctl_igmp_qrv, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers. This test can be packed into a helper, so such chang
CVE-2022-49584Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Add locking to prevent panic when setting sriov_numvfs to zero It is possible to disable VFs while the PF driver is processing requests from the VF driver. This can result in a panic. BUG: unable to ha
CVE-2022-49581Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: be2net: Fix buffer overflow in be_get_module_eeprom be_cmd_read_port_transceiver_data assumes that it is given a buffer that is at least PAGE_DATA_LEN long, or twice that if the module supports SFF 8472. Howeve
CVE-2022-49578Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ip: Fix data-races around sysctl_ip_prot_sock. sysctl_ip_prot_sock is accessed concurrently, and there is always a chance of data-race. So, all readers and writers need some basic protection to avoid load/stor
CVE-2022-49566Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit c
CVE-2022-49564Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatt
CVE-2022-49563Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scat
CVE-2022-49561Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: conntrack: re-fetch conntrack after insertion In case the conntrack is clashing, insertion can free skb->_nfct and set skb->_nfct to the already-confirmed entry. This wasn't found before because the
CVE-2022-49555Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggere
CVE-2022-49546Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dum
CVE-2022-49545Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is bei
CVE-2022-49544Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference
CVE-2022-49542Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_i
CVE-2022-49538Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: jack: Access input_dev under mutex It is possible when using ASoC that input_dev is unregistered while calling snd_jack_report, which causes NULL pointer dereference. In order to prevent this serialize ac
CVE-2022-49537Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf
CVE-2022-49536Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irq
CVE-2022-49535Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the
CVE-2022-49534Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s l
CVE-2022-49532Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJE
CVE-2022-49530Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix double free in si_parse_power_table() In function si_parse_power_table(), array adev->pm.dpm.ps and its member is allocated. If the allocation of each member fails, the array itself is freed and

Page 58 of 90