rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,696)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47344 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xx_start_readpipe syzbot reported memory leak in zr364xx driver. The problem was in non-freed urb in case of usb_submit_urb() fail. backtrace: [] kma | ||
| CVE-2021-47343 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shado | ||
| CVE-2021-47341 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:183 | ||
| CVE-2021-47340 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix GPF in diFree Avoid passing inode with JFS_SBI(inode->i_sb)->ipimap == NULL to diFree()[1]. GFP will appear: struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap; struct inomap *imap = JFS_IP(ipimap)->i | ||
| CVE-2021-47338 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previous fbcon_mode_deleted(). As a result, the mode is directly deleted, regardless o | ||
| CVE-2021-47337 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 ("scsi: core: Fix error handling of scsi_host_alloc()") changed the allocation logic to call put_device() to perform | ||
| CVE-2021-47334 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_al | ||
| CVE-2021-47333 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->se | ||
| CVE-2021-47332 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). Add a proper NULL check for avoiding possible Oops. | ||
| CVE-2021-47330 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path In the probe function, if the final 'serial_config()' fails, 'info' is leaking. Add a resource handling path to free this memory. | ||
| CVE-2021-47329 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device pro | ||
| CVE-2021-47328 | — | < 5.3.18-150300.59.167.1.150300.18.98.1 | 5.3.18-150300.59.167.1.150300.18.98.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race where iscsi_conn_teardown wakes up the EH thread and then frees the conn while those threads are still acce | ||
| CVE-2021-47324 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may s | ||
| CVE-2021-47323 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer ha | ||
| CVE-2021-47321 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer ha | ||
| CVE-2021-47320 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create() When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in | ||
| CVE-2021-47315 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->greg | ||
| CVE-2021-47314 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation. | ||
| CVE-2021-47311 | — | < 5.3.18-150300.59.167.1.150300.18.98.1 | 5.3.18-150300.59.167.1.150300.18.98.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of | ||
| CVE-2021-47308 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp(). |
- CVE-2021-47344May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: media: zr364xx: fix memory leak in zr364xx_start_readpipe syzbot reported memory leak in zr364xx driver. The problem was in non-freed urb in case of usb_submit_urb() fail. backtrace: [] kma
- CVE-2021-47343May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: assign new_root only when removal succeeds remove_raw() in dm_btree_remove() may fail due to IO read error (e.g. read the content of origin block fails during shadowing), and the value of shado
- CVE-2021-47341May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: KVM: mmio: Fix use-after-free Read in kvm_vm_ioctl_unregister_coalesced_mmio BUG: KASAN: use-after-free in kvm_vm_ioctl_unregister_coalesced_mmio+0x7c/0x1ec arch/arm64/kvm/../../../virt/kvm/coalesced_mmio.c:183
- CVE-2021-47340May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: jfs: fix GPF in diFree Avoid passing inode with JFS_SBI(inode->i_sb)->ipimap == NULL to diFree()[1]. GFP will appear: struct inode *ipimap = JFS_SBI(ip->i_sb)->ipimap; struct inomap *imap = JFS_IP(ipimap)->i
- CVE-2021-47338May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: fbmem: Do not delete the mode that is still in use The execution of fb_delete_videomode() is not based on the result of the previous fbcon_mode_deleted(). As a result, the mode is directly deleted, regardless o
- CVE-2021-47337May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix bad pointer dereference when ehandler kthread is invalid Commit 66a834d09293 ("scsi: core: Fix error handling of scsi_host_alloc()") changed the allocation logic to call put_device() to perform
- CVE-2021-47334May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: misc/libmasm/module: Fix two use after free in ibmasm_init_one In ibmasm_init_one, it calls ibmasm_init_remote_input_dev(). Inside ibmasm_init_remote_input_dev, mouse_dev and keybd_dev are allocated by input_al
- CVE-2021-47333May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: misc: alcor_pci: fix null-ptr-deref when there is no PCI bridge There is an issue with the ASPM(optional) capability checking function. A device might be attached to root complex directly, in this case, bus->se
- CVE-2021-47332May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Don't call free_pages_exact() with NULL address Unlike some other functions, we can't pass NULL pointer to free_pages_exact(). Add a proper NULL check for avoiding possible Oops.
- CVE-2021-47330May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: tty: serial: 8250: serial_cs: Fix a memory leak in error handling path In the probe function, if the final 'serial_config()' fails, 'info' is leaking. Add a resource handling path to free this memory.
- CVE-2021-47329May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: scsi: megaraid_sas: Fix resource leak in case of probe failure The driver doesn't clean up all the allocated resources properly when scsi_add_host(), megasas_start_aen() function fails during the PCI device pro
- CVE-2021-47328May 21, 2024affected < 5.3.18-150300.59.167.1.150300.18.98.1fixed 5.3.18-150300.59.167.1.150300.18.98.1
In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi: Fix conn use after free during resets If we haven't done a unbind target call we can race where iscsi_conn_teardown wakes up the EH thread and then frees the conn while those threads are still acce
- CVE-2021-47324May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free in wdt_startup() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer handler may s
- CVE-2021-47323May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: watchdog: sc520_wdt: Fix possible use-after-free in wdt_turnoff() This module's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer ha
- CVE-2021-47321May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: watchdog: Fix possible use-after-free by calling del_timer_sync() This driver's remove path calls del_timer(). However, that function does not wait until the timer handler finishes. This means that the timer ha
- CVE-2021-47320May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: nfs: fix acl memory leak of posix_acl_create() When looking into another nfs xfstests report, I found acl and default_acl in nfs3_proc_create() and nfs3_proc_mknod() error paths are possibly leaked. Fix them in
- CVE-2021-47315May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of IO mapping on probe failure On probe error the driver should unmap the IO memory. Smatch reports: drivers/memory/fsl_ifc.c:298 fsl_ifc_ctrl_probe() warn: 'fsl_ifc_ctrl_dev->greg
- CVE-2021-47314May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: memory: fsl_ifc: fix leak of private memory on probe failure On probe error the driver should free the memory allocated for private structure. Fix this by using resource-managed allocation.
- CVE-2021-47311May 21, 2024affected < 5.3.18-150300.59.167.1.150300.18.98.1fixed 5.3.18-150300.59.167.1.150300.18.98.1
In the Linux kernel, the following vulnerability has been resolved: net: qcom/emac: fix UAF in emac_remove adpt is netdev private data and it cannot be used after free_netdev() call. Using adpt after free_netdev() can cause UAF bug. Fix it by moving free_netdev() at the end of
- CVE-2021-47308May 21, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix array index out of bound exception Fix array index out of bound exception in fc_rport_prli_resp().
Page 51 of 85