rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (1,486)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-48672		—	< 4.12.14-122.219.1	4.12.14-122.219.1	May 3, 2024	In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which m
CVE-2024-27078	Med	5.5	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleak
CVE-2024-27072	Med	5.5	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166
CVE-2024-27059	Med	5.5	< 4.12.14-122.219.1	4.12.14-122.219.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when crea
CVE-2024-27025	Med	5.5	< 4.12.14-122.225.1	4.12.14-122.225.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.
CVE-2024-27388		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.
CVE-2024-27075		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12
CVE-2024-27074		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init \|-> g
CVE-2024-27073		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init d
CVE-2023-52653		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error
CVE-2023-52652		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: NTB: fix possible name leak in ntb_register_device() If device_register() fails in ntb_register_device(), the device name allocated by dev_set_name() should be freed. As per the comment in device_register(), ca
CVE-2024-27062		—	< 4.12.14-122.219.1	4.12.14-122.219.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306
CVE-2024-27054		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path cau
CVE-2024-27046		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null po
CVE-2024-27043		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, pdvbdev is not set to NULL after dvbdev's deallocatio
CVE-2023-52650		—	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.
CVE-2024-27020	Hig	7.0	< 4.12.14-122.225.1	4.12.14-122.225.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions li
CVE-2024-27013	Med	5.5	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe
CVE-2024-26993	Med	5.5	< 4.12.14-122.216.1	4.12.14-122.216.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn
CVE-2024-26973	Med	5.5	< 4.12.14-122.222.1	4.12.14-122.222.1	May 1, 2024	In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must

CVE-2022-48672May 3, 2024
affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1
In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which m
CVE-2024-27078MedMay 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleak
CVE-2024-27072MedMay 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166
CVE-2024-27059MedMay 1, 2024
affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1
In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when crea
CVE-2024-27025MedMay 1, 2024
affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.
CVE-2024-27388May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.
CVE-2024-27075May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12
CVE-2024-27074May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> g
CVE-2024-27073May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init d
CVE-2023-52653May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error
CVE-2023-52652May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: NTB: fix possible name leak in ntb_register_device() If device_register() fails in ntb_register_device(), the device name allocated by dev_set_name() should be freed. As per the comment in device_register(), ca
CVE-2024-27062May 1, 2024
affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1
In the Linux kernel, the following vulnerability has been resolved: nouveau: lock the client object tree. It appears the client object tree has no locking unless I've missed something else. Fix races around adding/removing client objects, mostly vram bar mappings. 4562.099306
CVE-2024-27054May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path cau
CVE-2024-27046May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: handle acti_netdevs allocation failure The kmalloc_array() in nfp_fl_lag_do_work() will return null, if the physical memory has run out. As a result, if we dereference the acti_netdevs, the null po
CVE-2024-27043May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocatio
CVE-2023-52650May 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.
CVE-2024-27020HigMay 1, 2024
affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions li
CVE-2024-27013MedMay 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe
CVE-2024-26993MedMay 1, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn
CVE-2024-26973MedMay 1, 2024
affected < 4.12.14-122.222.1fixed 4.12.14-122.222.1
In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must

Page 30 of 75