VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Server 15 SP4-LTSS

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS

Vulnerabilities (2,843)

  • CVE-2022-49579Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: ipv4: Fix data-races around sysctl_fib_multipath_hash_policy. While reading sysctl_fib_multipath_hash_policy, it can be changed concurrently. Thus, we need to add READ_ONCE() to its readers.

  • CVE-2022-49570Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: gpio: gpio-xilinx: Fix integer overflow Current implementation is not able to configure more than 32 pins due to incorrect data type. So type casting with unsigned long to avoid it.

  • CVE-2022-49569Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: spi: bcm2835: bcm2835_spi_handle_err(): fix NULL pointer deref for non DMA transfers In case a IRQ based transfer times out the bcm2835_spi_handle_err() function is called. Since commit 1513ceee70f2 ("spi: bcm2

  • CVE-2022-49568Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: Don't null dereference ops->destroy A KVM device cleanup happens in either of two callbacks: 1) destroy() which is called when the VM is being destroyed; 2) release() which is called when a device fd is cl

  • CVE-2022-49566Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - fix memory leak in RSA When an RSA key represented in form 2 (as defined in PKCS #1 V2.1) is used, some components of the private key persist even after the TFM is released. Replace the explicit c

  • CVE-2022-49564Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for DH Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scatt

  • CVE-2022-49563Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - add param check for RSA Reject requests with a source buffer that is bigger than the size of the key. This is to prevent a possible integer underflow that might happen when copying the source scat

  • CVE-2021-4453Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a potential gpu_metrics_table memory leak Memory is allocated for gpu_metrics_table in renoir_init_smc_tables(), but not freed in int smu_v12_0_fini_smc_tables(). Free it!

  • CVE-2022-49562Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Use __try_cmpxchg_user() to update guest PTE A/D bits Use the recently introduced __try_cmpxchg_user() to update guest PTE A/D bits instead of mapping the PTE into kernel address space. The VM_PFNMAP

  • CVE-2022-49559Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: x86: Drop WARNs that assert a triple fault never "escapes" from L2 Remove WARNs that sanity check that KVM never lets a triple fault for L2 escape and incorrectly end up in L1. In normal operation, the sa

  • CVE-2022-49556Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: Use kzalloc for sev ioctl interfaces to prevent kernel data leak For some sev ioctl interfaces, the length parameter that is passed maybe less than or equal to SEV_FW_BLOB_MAX_SIZE, but larger than th

  • CVE-2022-49555Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_qca: Use del_timer_sync() before freeing While looking at a crash report on a timer list being corrupted, which usually happens when a timer is freed while still active. This is commonly triggere

  • CVE-2022-49551Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760_register+0x180/0x70c Read of size 20 at addr f1db2e64 b

  • CVE-2022-49549Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Fix memory leak when threshold_create_bank() fails In mce_threshold_create_device(), if threshold_create_bank() fails, the previously allocated threshold banks array @bp will be leaked because the

  • CVE-2022-49546Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: x86/kexec: fix memory leak of elf header buffer This is reported by kmemleak detector: unreferenced object 0xffffc900002a9000 (size 4096): comm "kexec", pid 14950, jiffies 4295110793 (age 373.951s) hex dum

  • CVE-2022-49545Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is bei

  • CVE-2022-49544Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference

  • CVE-2022-49542Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_i

  • CVE-2022-49541Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799

  • CVE-2022-49537Feb 26, 2025
    affected < 5.14.21-150400.24.158.1fixed 5.14.21-150400.24.158.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf

Page 71 of 143