suse/kernel-default&distro=SUSE Manager Proxy 4.3

Vulnerabilities (1,907)

• CVE-2023-52975HigMar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KAS

• CVE-2023-53033Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda

• CVE-2023-53030Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function ca

• CVE-2023-53029Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_f

• CVE-2023-53028Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_dest

• CVE-2023-53026Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the

• CVE-2023-53024Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence ins

• CVE-2023-53023Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device.

• CVE-2023-53019Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass

• CVE-2023-53016Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix possible deadlock in rfcomm_sk_state_change syzbot reports a possible deadlock in rfcomm_sk_state_change [1]. While rfcomm_sock_connect acquires the sk lock and waits for the rfcomm lock, rfcomm_

• CVE-2023-53015Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: HID: betop: check shape of output reports betopff_init() only checks the total sum of the report counts for each report field to be at least 4, but hid_betopff_play() expects 4 report fields. A device advertisi

• CVE-2023-53010Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: bnxt: Do not read past the end of test names Test names were being concatenated based on a offset beyond the end of the first name, which tripped the buffer overflow detection logic: detected buffer overflow

• CVE-2023-53008Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential memory leaks in session setup Make sure to free cifs_ses::auth_key.response before allocating it as we might end up leaking memory in reconnect or mounting.

• CVE-2023-53007Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: tracing: Make sure trace_printk() can output as soon as it can be used Currently trace_printk() can be used as soon as early_trace_init() is called from start_kernel(). But if a crash happens, and "ftrace_dump_

• CVE-2023-53006Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uncleared server->smbd_conn in reconnect In smbd_destroy(), clear the server->smbd_conn pointer after freeing the smbd_connection struct that it points to so that reconnection doesn't get

• CVE-2023-53005Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: trace_events_hist: add check for return value of 'create_hist_field' Function 'create_hist_field' is called recursively at trace_events_hist.c:1954 and can return NULL-value that's why we have to check it to av

• CVE-2023-53000Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: netlink: prevent potential spectre v1 gadgets Most netlink attributes are parsed and validated from __nla_validate_parse() or validate_nla() u16 type = nla_type(nla); if (type == 0 || type > maxtype)

• CVE-2023-52993Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: x86/i8259: Mark legacy PIC interrupts with IRQ_LEVEL Baoquan reported that after triggering a crash the subsequent crash-kernel fails to boot about half of the time. It triggers a NULL pointer dereference in th

• CVE-2023-52992Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in send_signal_common() The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see [1] for more details

• CVE-2023-52989Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: firewire: fix memory leak for payload of request subaction to IEC 61883-1 FCP region This patch is fix for Linux kernel v2.6.33 or later. For request subaction to IEC 61883-1 FCP region, Linux FireWire subsyst