VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Vulnerabilities (1,878)

  • CVE-2022-48962Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

  • CVE-2022-48960Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.

  • CVE-2022-48958Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ethernet: aeroflex: fix potential skb leak in greth_init_rings() The greth_init_rings() function won't free the newly allocated skb when dma_mapping_error() returns error, so add dev_kfree_skb() to fix it. Com

  • CVE-2022-48956Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use

  • CVE-2022-48953Oct 21, 2024
    affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1

    In the Linux kernel, the following vulnerability has been resolved: rtc: cmos: Fix event handler registration ordering issue Because acpi_install_fixed_event_handler() enables the event automatically on success, it is incorrect to call it before the handler routine passed to it

  • CVE-2022-48951Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx() The bounds checks in snd_soc_put_volsw_sx() are only being applied to the first channel, meaning it is possible to write out of bounds values

  • CVE-2022-48949Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: igb: Initialize mailbox message for VF reset When a MAC address is not assigned to the VF, that portion of the message sent to the VF is not set. The memory, however, is allocated from the stack meaning that in

  • CVE-2022-48946Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: udf: Fix preallocation discarding at indirect extent boundary When preallocation extent is the first one in the extent block, the code would corrupt extent tree header instead. Fix the problem and use udf_delet

  • CVE-2024-50055Oct 21, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: driver core: bus: Fix double free in driver API bus_register() For bus_register(), any error which happens after kset_register() will cause that @priv are freed twice, fixed by setting @priv with NULL after the

  • CVE-2024-50047Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt

  • CVE-2024-50038Oct 21, 2024
    affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: xtables: avoid NFPROTO_UNSPEC where needed syzbot managed to call xt_cluster match via ebtables: WARNING: CPU: 0 PID: 11 at net/netfilter/xt_cluster.c:72 xt_cluster_mt+0x196/0x780 [..] ebt_do_tab

  • CVE-2024-50036Oct 21, 2024
    affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1

    In the Linux kernel, the following vulnerability has been resolved: net: do not delay dst_entries_add() in dst_release() dst_entries_add() uses per-cpu data that might be freed at netns dismantle from ip6_route_net_exit() calling dst_entries_destroy() Before ip6_route_net_exit

  • CVE-2024-50024Oct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: net: Fix an unsafe loop on the list The kernel may crash when deleting a genetlink family if there are still listeners for that family: Oops: Kernel access of bad area, sig: 11 [#1] ... NIP [c000000000c080

  • CVE-2024-50007HigOct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: asihpi: Fix potential OOB array access ASIHPI driver stores some values in the static array upon a response from the driver, and its index depends on the firmware. We shouldn't trust it blindly. This pa

  • CVE-2024-50006MedOct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates

  • CVE-2024-49996HigOct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseData

  • CVE-2024-49991HigOct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set

  • CVE-2024-49966HigOct 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the foll

  • CVE-2024-49952MedOct 21, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted b

  • CVE-2024-49950HigOct 21, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by

Page 83 of 94