rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP5-ESPOS
Vulnerabilities (2,318)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47202 | — | < 5.14.21-150500.55.91.1.150500.6.41.1 | 5.14.21-150500.55.91.1.150500.6.41.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consumi | ||
| CVE-2024-26808 | — | < 5.14.21-150500.55.113.1.150500.6.53.1 | 5.14.21-150500.55.113.1.150500.6.53.1 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevic | ||
| CVE-2024-26804 | — | < 5.14.21-150500.55.110.1.150500.6.51.3 | 5.14.21-150500.55.110.1.150500.6.51.3 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr | ||
| CVE-2024-26758 | — | < 5.14.21-150500.55.94.1.150500.6.43.1 | 5.14.21-150500.55.94.1.150500.6.43.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't | ||
| CVE-2024-26661 | — | < 5.14.21-150500.55.136.1.150500.6.67.1 | 5.14.21-150500.55.136.1.150500.6.67.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg | ||
| CVE-2024-26643 | Med | 5.5 | < 5.14.21-150500.55.116.1.150500.6.55.1 | 5.14.21-150500.55.116.1.150500.6.55.1 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it | |
| CVE-2024-26634 | — | < 5.14.21-150500.55.100.1.150500.6.47.1 | 5.14.21-150500.55.100.1.150500.6.47.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunde | ||
| CVE-2023-52572 | — | < 5.14.21-150500.55.97.1.150500.6.45.1 | 5.14.21-150500.55.97.1.150500.6.45.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/ | ||
| CVE-2024-26584 | — | < 5.14.21-150500.55.124.1.150500.6.59.1 | 5.14.21-150500.55.124.1.150500.6.59.1 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES | ||
| CVE-2024-26583 | — | < 5.14.21-150500.55.124.1.150500.6.59.1 | 5.14.21-150500.55.124.1.150500.6.59.1 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch | ||
| CVE-2024-26581 | — | < 5.14.21-150500.55.136.1.150500.6.67.1 | 5.14.21-150500.55.136.1.150500.6.67.1 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not | ||
| CVE-2023-52433 | — | < 5.14.21-150500.55.136.1.150500.6.67.1 | 5.14.21-150500.55.136.1.150500.6.67.1 | Feb 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path mig | ||
| CVE-2024-24860 | — | < 5.14.21-150500.55.91.1.150500.6.41.1 | 5.14.21-150500.55.91.1.150500.6.41.1 | Feb 5, 2024 | A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue. | ||
| CVE-2023-39197 | — | < 5.14.21-150500.55.124.1.150500.6.59.1 | 5.14.21-150500.55.124.1.150500.6.59.1 | Jan 23, 2024 | An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol. | ||
| CVE-2022-2602 | — | < 5.14.21-150500.55.124.1.150500.6.59.1 | 5.14.21-150500.55.124.1.150500.6.59.1 | Jan 8, 2024 | io_uring UAF, Unix SCM garbage collection | ||
| CVE-2022-2586 | — | KEV | < 5.14.21-150500.55.113.1.150500.6.53.1 | 5.14.21-150500.55.113.1.150500.6.53.1 | Jan 8, 2024 | It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted. | |
| CVE-2022-2585 | — | < 5.14.21-150500.55.113.1.150500.6.53.1 | 5.14.21-150500.55.113.1.150500.6.53.1 | Jan 8, 2024 | It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free. | ||
| CVE-2023-1192 | — | < 5.14.21-150500.55.97.1.150500.6.45.1 | 5.14.21-150500.55.97.1.150500.6.45.1 | Nov 1, 2023 | A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access | ||
| CVE-2023-42753 | — | < 5.14.21-150500.55.124.1.150500.6.59.1 | 5.14.21-150500.55.124.1.150500.6.59.1 | Sep 25, 2023 | An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss | ||
| CVE-2023-3772 | — | < 5.14.21-150500.55.124.1.150500.6.59.1 | 5.14.21-150500.55.124.1.150500.6.59.1 | Jul 25, 2023 | A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s |
- CVE-2021-47202Apr 10, 2024affected < 5.14.21-150500.55.91.1.150500.6.41.1fixed 5.14.21-150500.55.91.1.150500.6.41.1
In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consumi
- CVE-2024-26808Apr 4, 2024affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevic
- CVE-2024-26804Apr 4, 2024affected < 5.14.21-150500.55.110.1.150500.6.51.3fixed 5.14.21-150500.55.110.1.150500.6.51.3
In the Linux kernel, the following vulnerability has been resolved: net: ip_tunnel: prevent perpetual headroom growth syzkaller triggered following kasan splat: BUG: KASAN: use-after-free in __skb_flow_dissect+0x19d1/0x7a50 net/core/flow_dissector.c:1170 Read of size 1 at addr
- CVE-2024-26758Apr 3, 2024affected < 5.14.21-150500.55.94.1.150500.6.43.1fixed 5.14.21-150500.55.94.1.150500.6.43.1
In the Linux kernel, the following vulnerability has been resolved: md: Don't ignore suspended array in md_check_recovery() mddev_suspend() never stop sync_thread, hence it doesn't make sense to ignore suspended array in md_check_recovery(), which might cause sync_thread can't
- CVE-2024-26661Apr 2, 2024affected < 5.14.21-150500.55.136.1.150500.6.67.1fixed 5.14.21-150500.55.136.1.150500.6.67.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add NULL test for 'timing generator' in 'dcn21_set_pipe()' In "u32 otg_inst = pipe_ctx->stream_res.tg->inst;" pipe_ctx->stream_res.tg could be NULL, it is relying on the caller to ensure the tg
- affected < 5.14.21-150500.55.116.1.150500.6.55.1fixed 5.14.21-150500.55.116.1.150500.6.55.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it
- CVE-2024-26634Mar 18, 2024affected < 5.14.21-150500.55.100.1.150500.6.47.1fixed 5.14.21-150500.55.100.1.150500.6.47.1
In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunde
- CVE-2023-52572Mar 2, 2024affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/
- CVE-2024-26584Feb 21, 2024affected < 5.14.21-150500.55.124.1.150500.6.59.1fixed 5.14.21-150500.55.124.1.150500.6.59.1
In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES
- CVE-2024-26583Feb 21, 2024affected < 5.14.21-150500.55.124.1.150500.6.59.1fixed 5.14.21-150500.55.124.1.150500.6.59.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch
- CVE-2024-26581Feb 20, 2024affected < 5.14.21-150500.55.136.1.150500.6.67.1fixed 5.14.21-150500.55.136.1.150500.6.67.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not
- CVE-2023-52433Feb 20, 2024affected < 5.14.21-150500.55.136.1.150500.6.67.1fixed 5.14.21-150500.55.136.1.150500.6.67.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path mig
- CVE-2024-24860Feb 5, 2024affected < 5.14.21-150500.55.91.1.150500.6.41.1fixed 5.14.21-150500.55.91.1.150500.6.41.1
A race condition was found in the Linux kernel's bluetooth device driver in {min,max}_key_size_set() function. This can result in a null pointer dereference issue, possibly leading to a kernel panic or denial of service issue.
- CVE-2023-39197Jan 23, 2024affected < 5.14.21-150500.55.124.1.150500.6.59.1fixed 5.14.21-150500.55.124.1.150500.6.59.1
An out-of-bounds read vulnerability was found in Netfilter Connection Tracking (conntrack) in the Linux kernel. This flaw allows a remote user to disclose sensitive information via the DCCP protocol.
- CVE-2022-2602Jan 8, 2024affected < 5.14.21-150500.55.124.1.150500.6.59.1fixed 5.14.21-150500.55.124.1.150500.6.59.1
io_uring UAF, Unix SCM garbage collection
- affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
It was discovered that a nft object or expression could reference a nft set on a different nft table, leading to a use-after-free once that table was deleted.
- CVE-2022-2585Jan 8, 2024affected < 5.14.21-150500.55.113.1.150500.6.53.1fixed 5.14.21-150500.55.113.1.150500.6.53.1
It was discovered that when exec'ing from a non-leader thread, armed POSIX CPU timers would be left on a list but freed, leading to a use-after-free.
- CVE-2023-1192Nov 1, 2023affected < 5.14.21-150500.55.97.1.150500.6.45.1fixed 5.14.21-150500.55.97.1.150500.6.45.1
A use-after-free flaw was found in smb2_is_status_io_timeout() in CIFS in the Linux Kernel. After CIFS transfers response data to a system call, there are still local variable points to the memory region, and if the system call frees it faster than CIFS uses it, CIFS will access
- CVE-2023-42753Sep 25, 2023affected < 5.14.21-150500.55.124.1.150500.6.59.1fixed 5.14.21-150500.55.124.1.150500.6.59.1
An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the `h->nets` array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer out-of-bound. This iss
- CVE-2023-3772Jul 25, 2023affected < 5.14.21-150500.55.124.1.150500.6.59.1fixed 5.14.21-150500.55.124.1.150500.6.59.1
A flaw was found in the Linux kernel’s IP framework for transforming packets (XFRM subsystem). This issue may allow a malicious user with CAP_NET_ADMIN privileges to directly dereference a NULL pointer in xfrm_update_ae_params(), leading to a possible kernel crash and denial of s
Page 114 of 116