rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS
Vulnerabilities (812)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-38559 | Med | 4.4 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t | |
| CVE-2024-38545 | Hig | 7.8 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc | |
| CVE-2024-38541 | Cri | 9.8 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not | |
| CVE-2024-36974 | Hig | 7.8 | < 5.3.18-150200.24.200.1.150200.9.103.1 | 5.3.18-150200.24.200.1.150200.9.103.1 | Jun 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the k | |
| CVE-2024-36971 | Hig | 7.8 | KEV | < 5.3.18-150200.24.206.1.150200.9.107.1 | 5.3.18-150200.24.206.1.150200.9.107.1 | Jun 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_ca |
| CVE-2024-36964 | Med | 5.5 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | Jun 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s | |
| CVE-2024-36940 | Hig | 7.8 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei | |
| CVE-2024-36904 | Hig | 7.8 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat | |
| CVE-2024-36894 | Med | 5.6 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario | |
| CVE-2023-52881 | Med | 5.5 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | May 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The | |
| CVE-2023-52880 | Med | 5.5 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADM | |
| CVE-2021-47571 | Hig | 7.8 | < 5.3.18-150200.24.197.1.150200.9.101.1 | 5.3.18-150200.24.197.1.150200.9.101.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that. | |
| CVE-2021-47565 | Hig | 7.8 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object | |
| CVE-2021-47563 | Med | 5.5 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue | |
| CVE-2021-47562 | Med | 5.5 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->tx | |
| CVE-2021-47542 | Med | 5.5 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function of ahw->hw_ops->alloc_mbx_args will be called to allocate memory for cmd.req.arg, | |
| CVE-2021-47541 | Hig | 7.8 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv(). Aft | |
| CVE-2021-47538 | Med | 5.5 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as it holds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into | |
| CVE-2021-47522 | Med | 5.5 | < 5.3.18-150200.24.194.1.150200.9.99.1 | 5.3.18-150200.24.194.1.150200.9.99.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so report_field is null. | |
| CVE-2021-47520 | Hig | 7.8 | < 5.3.18-150200.24.200.1.150200.9.103.1 | 5.3.18-150200.24.200.1.150200.9.103.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is dereferenced just after the call n |
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not
- affected < 5.3.18-150200.24.200.1.150200.9.103.1fixed 5.3.18-150200.24.200.1.150200.9.103.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: taprio: always validate TCA_TAPRIO_ATTR_PRIOMAP If one TCA_TAPRIO_ATTR_PRIOMAP attribute has been provided, taprio_parse_mqprio_opt() must validate it, or userspace can inject arbitrary data to the k
- affected < 5.3.18-150200.24.206.1.150200.9.107.1fixed 5.3.18-150200.24.206.1.150200.9.107.1
In the Linux kernel, the following vulnerability has been resolved: net: fix __dst_negative_advice() race __dst_negative_advice() does not enforce proper RCU rules when sk->dst_cache must be cleared, leading to possible UAF. RCU rules are that we must first clear sk->sk_dst_ca
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADM
- affected < 5.3.18-150200.24.197.1.150200.9.101.1fixed 5.3.18-150200.24.197.1.150200.9.101.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->tx
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: net: qlogic: qlcnic: Fix a NULL pointer dereference in qlcnic_83xx_add_rings() In qlcnic_83xx_add_rings(), the indirect function of ahw->hw_ops->alloc_mbx_args will be called to allocate memory for cmd.req.arg,
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx4_en: Fix an use-after-free bug in mlx4_en_try_alloc_resources() In mlx4_en_try_alloc_resources(), mlx4_en_copy_priv() is called and tmp->tx_cq will be freed on the error path of mlx4_en_copy_priv(). Aft
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix rxrpc_local leak in rxrpc_lookup_peer() Need to call rxrpc_put_local() for peer candidate before kfree() as it holds a ref to rxrpc_local. [DH: v2: Changed to abstract the peer freeing code out into
- affected < 5.3.18-150200.24.194.1.150200.9.99.1fixed 5.3.18-150200.24.194.1.150200.9.99.1
In the Linux kernel, the following vulnerability has been resolved: HID: bigbenff: prevent null pointer dereference When emulating the device through uhid, there is a chance we don't have output reports and so report_field is null.
- affected < 5.3.18-150200.24.200.1.150200.9.103.1fixed 5.3.18-150200.24.200.1.150200.9.103.1
In the Linux kernel, the following vulnerability has been resolved: can: pch_can: pch_can_rx_normal: fix use after free After calling netif_receive_skb(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is dereferenced just after the call n
Page 6 of 41