rpm package
suse/kernel-default&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/kernel-default&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (1,907)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48916 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids | ||
| CVE-2022-48915 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the thermal zone does not define one. | ||
| CVE-2022-48914 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 ("net-sysfs: | ||
| CVE-2022-48913 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free() won't remove those files. W | ||
| CVE-2022-48912 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASA | ||
| CVE-2022-48911 | — | < 5.14.21-150400.24.136.1 | 5.14.21-150400.24.136.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet | ||
| CVE-2022-48909 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ... | ||
| CVE-2022-48907 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc(). | ||
| CVE-2022-48905 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | ||
| CVE-2022-48904 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memor | ||
| CVE-2022-48903 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 bt | ||
| CVE-2021-4441 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kza | ||
| CVE-2023-52911 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL point | ||
| CVE-2023-52907 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the | ||
| CVE-2023-52905 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch f | ||
| CVE-2023-52901 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva | ||
| CVE-2023-52900 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block a | ||
| CVE-2023-52898 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev | ||
| CVE-2023-52896 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas, we can end up hitting a | ||
| CVE-2023-52894 | — | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device. |
- CVE-2022-48916Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix double list_add when enabling VMD in scalable mode When enabling VMD and IOMMU scalable mode, the following kernel panic call trace/kernel log is shown in Eagle Stream platform (Sapphire Rapids
- CVE-2022-48915Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: thermal: core: Fix TZ_GET_TRIP NULL pointer dereference Do not call get_trip_hyst() from thermal_genl_cmd_tz_get_trip() if the thermal zone does not define one.
- CVE-2022-48914Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: xen/netfront: destroy queues before real_num_tx_queues is zeroed xennet_destroy_queues() relies on info->netdev->real_num_tx_queues to delete queues. Since d7dac083414eb5bb99a6d2ed53dc2c1b405224e5 ("net-sysfs:
- CVE-2022-48913Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: blktrace: fix use after free for struct blk_trace When tracing the whole disk, 'dropped' and 'msg' will be created under 'q->debugfs_dir' and 'bt->dir' is NULL, thus blk_trace_free() won't remove those files. W
- CVE-2022-48912Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASA
- CVE-2022-48911Aug 22, 2024affected < 5.14.21-150400.24.136.1fixed 5.14.21-150400.24.136.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet
- CVE-2022-48909Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix connection leak There's a potential leak issue under following execution sequence : smc_release smc_connect_work if (sk->sk_state == SMC_INIT) send_clc_confirim tcp_abort(); ...
- CVE-2022-48907Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().
- CVE-2022-48905Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.
- CVE-2022-48904Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memor
- CVE-2022-48903Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 bt
- CVE-2021-4441Aug 22, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kza
- CVE-2023-52911Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL point
- CVE-2023-52907Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the
- CVE-2023-52905Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch f
- CVE-2023-52901Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva
- CVE-2023-52900Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block a
- CVE-2023-52898Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev
- CVE-2023-52896Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between quota rescan and disable leading to NULL pointer deref If we have one task trying to start the quota rescan worker while another one is trying to disable quotas, we can end up hitting a
- CVE-2023-52894Aug 21, 2024affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: fix potential NULL ptr deref in ncm_bitrate() In Google internal bug 265639009 we've received an (as yet) unreproducible crash report from an aarch64 GKI 5.10.149-android13 running device.
Page 54 of 96