suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2

Vulnerabilities (1,696)

• CVE-2022-49978Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: fbdev: fb_pm2fb: Avoid potential divide by zero error In `do_fb_ioctl()` of fbmem.c, if cmd is FBIOPUT_VSCREENINFO, var will be copied from user, then go through `fb_set_var()` and `info->fbops->fb_check_var()`

• CVE-2022-49977Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_star

• CVE-2022-49968Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) | (USE) adf7242_remove | adf7242_channel cancel_d

• CVE-2022-49956Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delet

• CVE-2022-49954Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is

• CVE-2022-49952Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session array when there are more than FAST

• CVE-2022-49950Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that memory beyond the fixed-size slab-

• CVE-2022-49948Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new s

• CVE-2022-49945Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the

• CVE-2022-49943Jun 18, 2025
  affected < 5.3.18-150300.59.235.1.150300.18.140.1fixed 5.3.18-150300.59.235.1.150300.18.140.1

  In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in the gadget core managed to cause an obscure and slightly bizarre lockdep violation. In abbr

• CVE-2022-49942Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case

• CVE-2022-49937Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pi

• CVE-2022-49936Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking det

• CVE-2022-49934Jun 18, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF is observed when the scan is completed and __ieee80211_scan_completed() executes,

• CVE-2025-38079HigJun 18, 2025
  affected < 5.3.18-150300.59.215.1.150300.18.128.1fixed 5.3.18-150300.59.215.1.150300.18.128.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea

• CVE-2025-38068Jun 18, 2025
  affected < 5.3.18-150300.59.232.1.150300.18.138.1fixed 5.3.18-150300.59.232.1.150300.18.138.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space

• CVE-2025-38011Jun 18, 2025
  affected < 5.3.18-150300.59.221.1.150300.18.132.1fixed 5.3.18-150300.59.221.1.150300.18.132.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: csa unmap use uninterruptible lock After process exit to unmap csa and free GPU vm, if signal is accepted and then waiting to take vm lock is interrupted and return, it causes memory leaking and bel

• CVE-2025-38001Jun 6, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed,

• CVE-2025-38000Jun 6, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and

• CVE-2025-37997May 29, 2025
  affected < 5.3.18-150300.59.211.1.150300.18.126.1fixed 5.3.18-150300.59.211.1.150300.18.126.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and