rpm package

suse/kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS

Vulnerabilities (2,310)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-47635		—	< 5.14.21-150500.55.100.1.150500.6.47.1	5.14.21-150500.55.100.1.150500.6.47.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_private flag, we should increment the refcount in that page, also main flows like pageout(
CVE-2021-47633		—	< 5.14.21-150500.55.100.1.150500.6.47.1	5.14.21-150500.55.100.1.150500.6.47.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up t
CVE-2021-47632		—	< 5.14.21-150500.55.100.1.150500.6.47.1	5.14.21-150500.55.100.1.150500.6.47.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr() Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines") included a spin_lock() to change_page_attr() in order to safely perform the
CVE-2021-47631		—	< 5.14.21-150500.55.100.1.150500.6.47.1	5.14.21-150500.55.100.1.150500.6.47.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850-evm: Avoid NULL pointer dereference With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: Unable to
CVE-2025-21702	Hig	7.8	< 5.14.21-150500.55.113.1.150500.6.53.1	5.14.21-150500.55.113.1.150500.6.53.1	Feb 18, 2025	In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one
CVE-2025-21703		—	< 5.14.21-150500.55.113.1.150500.6.53.1	5.14.21-150500.55.113.1.150500.6.53.1	Feb 18, 2025	In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc befor
CVE-2025-21701	Med	4.7	< 5.14.21-150500.55.121.2.150500.6.57.2	5.14.21-150500.55.121.2.150500.6.57.2	Feb 13, 2025	In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic
CVE-2025-21700		—	< 5.14.21-150500.55.113.1.150500.6.53.1	5.14.21-150500.55.113.1.150500.6.53.1	Feb 13, 2025	In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc
CVE-2025-21699		—	< 5.14.21-150500.55.97.1.150500.6.45.1	5.14.21-150500.55.97.1.150500.6.45.1	Feb 12, 2025	In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buf
CVE-2025-21692	Hig	7.8	< 5.14.21-150500.55.97.1.150500.6.45.1	5.14.21-150500.55.97.1.150500.6.45.1	Feb 10, 2025	In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. The overflow may cause lo
CVE-2025-21693		—	< 5.14.21-150500.55.100.1.150500.6.47.1	5.14.21-150500.55.100.1.150500.6.47.1	Feb 10, 2025	In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and use
CVE-2025-21690		—	< 5.14.21-150500.55.97.1.150500.6.45.1	5.14.21-150500.55.97.1.150500.6.45.1	Feb 10, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preve
CVE-2023-52925		—	< 5.14.21-150500.55.113.1.150500.6.53.1	5.14.21-150500.55.113.1.150500.6.53.1	Feb 5, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] ./testcases/sets/0044inter
CVE-2023-52924		—	< 5.14.21-150500.55.113.1.150500.6.53.1	5.14.21-150500.55.113.1.150500.6.53.1	Feb 5, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo"
CVE-2024-57948	Med	5.5	< 5.14.21-150500.55.97.1.150500.6.45.1	5.14.21-150500.55.97.1.150500.6.45.1	Jan 31, 2025	In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardwar
CVE-2024-57947		—	< 5.14.21-150500.55.116.1.150500.6.55.1	5.14.21-150500.55.116.1.150500.6.55.1	Jan 23, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea
CVE-2025-21658		—	< 5.14.21-150500.55.136.1.150500.6.67.1	5.14.21-150500.55.136.1.150500.6.67.1	Jan 21, 2025	In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dere
CVE-2023-52923		—	< 5.14.21-150500.55.116.1.150500.6.55.1	5.14.21-150500.55.116.1.150500.6.55.1	Jan 20, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage colle
CVE-2025-21647	Hig	7.1	< 5.14.21-150500.55.97.1.150500.6.45.1	5.14.21-150500.55.97.1.150500.6.45.1	Jan 19, 2025	In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2024-54031		—	< 5.14.21-150500.55.136.1.150500.6.67.1	5.14.21-150500.55.136.1.150500.6.67.1	Jan 15, 2025	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at vir

CVE-2021-47635Feb 26, 2025
affected < 5.14.21-150500.55.100.1.150500.6.47.1fixed 5.14.21-150500.55.100.1.150500.6.47.1
In the Linux kernel, the following vulnerability has been resolved: ubifs: Fix to add refcount once page is set private MM defined the rule [1] very clearly that once page was set with PG_private flag, we should increment the refcount in that page, also main flows like pageout(
CVE-2021-47633Feb 26, 2025
affected < 5.14.21-150500.55.100.1.150500.6.47.1fixed 5.14.21-150500.55.100.1.150500.6.47.1
In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up t
CVE-2021-47632Feb 26, 2025
affected < 5.14.21-150500.55.100.1.150500.6.47.1fixed 5.14.21-150500.55.100.1.150500.6.47.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/set_memory: Avoid spinlock recursion in change_page_attr() Commit 1f9ad21c3b38 ("powerpc/mm: Implement set_memory() routines") included a spin_lock() to change_page_attr() in order to safely perform the
CVE-2021-47631Feb 26, 2025
affected < 5.14.21-150500.55.100.1.150500.6.47.1fixed 5.14.21-150500.55.100.1.150500.6.47.1
In the Linux kernel, the following vulnerability has been resolved: ARM: davinci: da850-evm: Avoid NULL pointer dereference With newer versions of GCC, there is a panic in da850_evm_config_emac() when booting multi_v5_defconfig in QEMU under the palmetto-bmc machine: Unable to
CVE-2025-21702HigFeb 18, 2025
affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one
CVE-2025-21703Feb 18, 2025
affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
In the Linux kernel, the following vulnerability has been resolved: netem: Update sch->q.qlen before qdisc_tree_reduce_backlog() qdisc_tree_reduce_backlog() notifies parent qdisc only if child qdisc becomes empty, therefore we need to reduce the backlog of the child qdisc befor
CVE-2025-21701MedFeb 13, 2025
affected < 5.14.21-150500.55.121.2.150500.6.57.2fixed 5.14.21-150500.55.121.2.150500.6.57.2
In the Linux kernel, the following vulnerability has been resolved: net: avoid race between device unregistration and ethnl ops The following trace can be seen if a device is being unregistered while its number of channels are being modified. DEBUG_LOCKS_WARN_ON(lock->magic
CVE-2025-21700Feb 13, 2025
affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc
CVE-2025-21699Feb 12, 2025
affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: Truncate address space when flipping GFS2_DIF_JDATA flag Truncate an inode's address space when flipping the GFS2_DIF_JDATA flag: depending on that flag, the pages in the address space will either use buf
CVE-2025-21692HigFeb 10, 2025
affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix ets qdisc OOB Indexing Haowei Yan <g1042620637@gmail.com> found that ets_class_from_arg() can index an Out-Of-Bound class in ets_class_from_arg() when passed clid of 0. The overflow may cause lo
CVE-2025-21693Feb 10, 2025
affected < 5.14.21-150500.55.100.1.150500.6.47.1fixed 5.14.21-150500.55.100.1.150500.6.47.1
In the Linux kernel, the following vulnerability has been resolved: mm: zswap: properly synchronize freeing resources during CPU hotunplug In zswap_compress() and zswap_decompress(), the per-CPU acomp_ctx of the current CPU at the beginning of the operation is retrieved and use
CVE-2025-21690Feb 10, 2025
affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
In the Linux kernel, the following vulnerability has been resolved: scsi: storvsc: Ratelimit warning logs to prevent VM denial of service If there's a persistent error in the hypervisor, the SCSI warning for failed I/O can flood the kernel log and max out CPU utilization, preve
CVE-2023-52925Feb 5, 2025
affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't fail inserts if duplicate has expired nftables selftests fail: run-tests.sh testcases/sets/0044interval_overlap_0 Expected: 0-2 . 0-3, got: W: [FAILED] ./testcases/sets/0044inter
CVE-2023-52924Feb 5, 2025
affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: don't skip expired elements during walk There is an asymmetry between commit/abort and preparation phase if the following conditions are met: 1. set is a verdict map ("1.2.3.4 : jump foo"
CVE-2024-57948MedJan 31, 2025
affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
In the Linux kernel, the following vulnerability has been resolved: mac802154: check local interfaces before deleting sdata list syzkaller reported a corrupted list in ieee802154_if_remove. [1] Remove an IEEE 802.15.4 network interface after unregister an IEEE 802.15.4 hardwar
CVE-2024-57947Jan 23, 2025
affected < 5.14.21-150500.55.116.1.150500.6.55.1fixed 5.14.21-150500.55.116.1.150500.6.55.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_set_pipapo: fix initial map fill The initial buffer has to be inited to all-ones, but it must restrict it to the size of the first field, not the total field size. After each round in the map sea
CVE-2025-21658Jan 21, 2025
affected < 5.14.21-150500.55.136.1.150500.6.67.1fixed 5.14.21-150500.55.136.1.150500.6.67.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: avoid NULL pointer dereference if no valid extent tree [BUG] Syzbot reported a crash with the following call trace: BTRFS info (device loop0): scrub: started on devid 1 BUG: kernel NULL pointer dere
CVE-2023-52923Jan 20, 2025
affected < 5.14.21-150500.55.116.1.150500.6.55.1fixed 5.14.21-150500.55.116.1.150500.6.55.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: adapt set backend to use GC transaction API Use the GC transaction API to replace the old and buggy gc API and the busy mark approach. No set elements are removed from async garbage colle
CVE-2025-21647HigJan 19, 2025
affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
In the Linux kernel, the following vulnerability has been resolved: sched: sch_cake: add bounds checks to host bulk flow fairness counts Even though we fixed a logic error in the commit cited below, syzbot still managed to trigger an underflow of the per-host bulk flow counters
CVE-2024-54031Jan 15, 2025
affected < 5.14.21-150500.55.136.1.150500.6.67.1fixed 5.14.21-150500.55.136.1.150500.6.67.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_hash: unaligned atomic read on struct nft_set_ext Access to genmask field in struct nft_set_ext results in unaligned atomic read: [ 72.130109] Unable to handle kernel paging request at vir

Page 103 of 116