rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Vulnerabilities (1,794)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49865 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a `struct ifaddrlblmsg` to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMS | ||
| CVE-2022-49862 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump") where it should have type c | ||
| CVE-2022-49861 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call. | ||
| CVE-2022-49853 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: ip link add link eth0 name .. type macvlan mode source macaddr add km | ||
| CVE-2022-49846 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ====================================================== | ||
| CVE-2022-49842 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C | ||
| CVE-2022-49840 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() We got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is an odd number, like 399, 4 | ||
| CVE-2022-49835 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call | ||
| CVE-2022-49832 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00 | ||
| CVE-2022-49829 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a reference to the last scheduled fence. | ||
| CVE-2022-49826 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And t | ||
| CVE-2022-49825 | — | < 4.12.14-122.269.1 | 4.12.14-122.269.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau | ||
| CVE-2022-49822 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next | ||
| CVE-2022-49821 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_dev | ||
| CVE-2022-49818 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). | ||
| CVE-2022-49814 | — | < 4.12.14-122.266.1 | 4.12.14-122.266.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg() | ||
| CVE-2022-49813 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver( | ||
| CVE-2022-49789 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case | ||
| CVE-2022-49788 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN | ||
| CVE-2022-49787 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count |
- CVE-2022-49865May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a `struct ifaddrlblmsg` to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMS
- CVE-2022-49862May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: tipc: fix the msg->req tlv len check in tipc_nl_compat_name_table_dump_header This is a follow-up for commit 974cb0e3e7c9 ("tipc: fix uninit-value in tipc_nl_compat_name_table_dump") where it should have type c
- CVE-2022-49861May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call.
- CVE-2022-49853May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: ip link add link eth0 name .. type macvlan mode source macaddr add km
- CVE-2022-49846May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================
- CVE-2022-49842May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C
- CVE-2022-49840May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: bpf, test_run: Fix alignment problem in bpf_prog_test_run_skb() We got a syzkaller problem because of aarch64 alignment fault if KFENCE enabled. When the size from user bpf program is an odd number, like 399, 4
- CVE-2022-49835May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call
- CVE-2022-49832May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00
- CVE-2022-49829May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: drm/scheduler: fix fence ref counting We leaked dependency fences when processes were beeing killed. Additional to that grab a reference to the last scheduled fence.
- CVE-2022-49826May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And t
- CVE-2022-49825May 1, 2025affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau
- CVE-2022-49822May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next
- CVE-2022-49821May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_dev
- CVE-2022-49818May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize().
- CVE-2022-49814May 1, 2025affected < 4.12.14-122.266.1fixed 4.12.14-122.266.1
In the Linux kernel, the following vulnerability has been resolved: kcm: close race conditions on sk_receive_queue sk->sk_receive_queue is protected by skb queue lock, but for KCM sockets its RX path takes mux->rx_lock to protect more than just skb queue. However, kcm_recvmsg()
- CVE-2022-49813May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver(
- CVE-2022-49789May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: scsi: zfcp: Fix double free of FSF request when qdio send fails We used to use the wrong type of integer in 'zfcp_fsf_req_send()' to cache the FSF request ID when sending a new FSF request. This is used in case
- CVE-2022-49788May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: misc/vmw_vmci: fix an infoleak in vmci_host_do_receive_datagram() `struct vmci_event_qp` allocated by qp_notify_peer() contains padding, which may carry uninitialized data to the userspace, as observed by KMSAN
- CVE-2022-49787May 1, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-pci: Fix possible memory leak caused by missing pci_dev_put() pci_get_device() will increase the reference count for the returned pci_dev. We need to use pci_dev_put() to decrease the reference count
Page 47 of 90