suse/kernel-default&distro=SUSE Manager Server LTS 4.3

Vulnerabilities (542)

• CVE-2022-50453Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: gpiolib: cdev: fix NULL-pointer dereferences There are several places where we can crash the kernel by requesting lines, unbinding the GPIO device, then calling any of the system calls relevant to the GPIO char

• CVE-2022-50449Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix memory leak in _samsung_clk_register_pll() If clk_register() fails, @pll->rate_table may have allocated memory by kmemdup(), so it needs to be freed, otherwise will cause memory leak issue, th

• CVE-2023-53487Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas_flash: allow user copy to flash block cache objects With hardened usercopy enabled (CONFIG_HARDENED_USERCOPY=y), using the /proc/powerpc/rtas/firmware_update interface to prepare a system firmware

• CVE-2023-53485Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: fs: jfs: Fix UBSAN: array-index-out-of-bounds in dbAllocDmapLev Syzkaller reported the following issue: UBSAN: array-index-out-of-bounds in fs/jfs/jfs_dmap.c:1965:6 index -84 is out of range for type 's8[341]'

• CVE-2023-53476Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: iw_cxgb4: Fix potential NULL dereference in c4iw_fill_res_cm_id_entry() This condition needs to match the previous "if (epcp->state == LISTEN) {" exactly to avoid a NULL dereference of either "listen_ep" or "ep

• CVE-2023-53475Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: usb: xhci: tegra: fix sleep in atomic call When we set the dual-role port to Host mode, we observed the following splat: [ 167.057718] BUG: sleeping function called from invalid context at include/linux/sched/

• CVE-2023-53474Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: x86/MCE/AMD: Use an u64 for bank_map Thee maximum number of MCA banks is 64 (MAX_NR_BANKS), see a0bc32b3cacf ("x86/mce: Increase maximum number of banks to 64"). However, the bank_map which contains a bitfi

• CVE-2023-53473Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: improve error handling from ext4_dirhash() The ext4_dirhash() will *almost* never fail, especially when the hash tree feature was first introduced. However, with the addition of support of encrypted, cas

• CVE-2023-53472Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: pwm: lpc32xx: Remove handling of PWM channels Because LPC32xx PWM controllers have only a single output which is registered as the only PWM device/channel per controller, it is known in advance that pwm->hwpwm

• CVE-2023-53471Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/gfx: disable gfx9 cp_ecc_error_irq only when enabling legacy gfx ras gfx9 cp_ecc_error_irq is only enabled when legacy gfx ras is assert. So in gfx_v9_0_hw_fini, interrupt disablement for cp_ecc_erro

• CVE-2023-53468Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix memory leak in alloc_wbufs() kmemleak reported a sequence of memory leaks, and show them as following: unreferenced object 0xffff8881575f8400 (size 1024): comm "mount", pid 19625, jiffies 4297

• CVE-2023-53465Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: soundwire: qcom: fix storing port config out-of-bounds The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14), however we index it starting from 1, not 0, to match real port numbers. This can lead to

• CVE-2023-53464Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-

• CVE-2023-53463Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_queued and num_completed byte count

• CVE-2023-53458Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a

• CVE-2023-53457Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved b

• CVE-2023-53454Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would le

• CVE-2023-53453Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", pid 326, jiffies 4294682822 (age

• CVE-2023-53452Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napi_init and napi_enable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that w

• CVE-2023-53451Oct 1, 2025
  affected < 5.14.21-150400.24.179.1fixed 5.14.21-150400.24.179.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer.