rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,696)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47192 | — | < 5.3.18-150300.59.164.1.150300.18.96.1 | 5.3.18-150300.59.164.1.150300.18.96.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that aft | ||
| CVE-2021-47189 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution be | ||
| CVE-2021-47185 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound | ||
| CVE-2021-47184 | — | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to syn | ||
| CVE-2021-47183 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL | ||
| CVE-2021-47181 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | ||
| CVE-2024-26816 | Med | 5.5 | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is us | |
| CVE-2024-26800 | — | < 5.3.18-150300.59.170.1.150300.18.100.1 | 5.3.18-150300.59.170.1.150300.18.100.1 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed. | ||
| CVE-2024-26744 | — | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module trigg | ||
| CVE-2024-26739 | — | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod | ||
| CVE-2024-26733 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpr | ||
| CVE-2024-26704 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocat | ||
| CVE-2024-26689 | — | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref | ||
| CVE-2024-26688 | — | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni | ||
| CVE-2023-52628 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c | ||
| CVE-2021-47180 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xfff | ||
| CVE-2021-47179 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_rang | ||
| CVE-2021-47177 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. | ||
| CVE-2021-47176 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_pat | ||
| CVE-2021-47175 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall |
- CVE-2021-47192Apr 10, 2024affected < 5.3.18-150300.59.164.1.150300.18.96.1fixed 5.3.18-150300.59.164.1.150300.18.96.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that aft
- CVE-2021-47189Apr 10, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution be
- CVE-2021-47185Apr 10, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound
- CVE-2021-47184Apr 10, 2024affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to syn
- CVE-2021-47183Apr 10, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL
- CVE-2021-47181Apr 10, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: usb: musb: tusb6010: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
- affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is us
- CVE-2024-26800Apr 4, 2024affected < 5.3.18-150300.59.170.1.150300.18.100.1fixed 5.3.18-150300.59.170.1.150300.18.100.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix use-after-free on failed backlog decryption When the decrypt request goes to the backlog and crypto_aead_decrypt returns -EBUSY, tls_do_decryption will wait until all async decryptions have completed.
- CVE-2024-26744Apr 3, 2024affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module trigg
- CVE-2024-26739Apr 3, 2024affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod
- CVE-2024-26733Apr 3, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpr
- CVE-2024-26704Apr 3, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocat
- CVE-2024-26689Apr 3, 2024affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref
- CVE-2024-26688Apr 3, 2024affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni
- CVE-2023-52628Mar 28, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c
- CVE-2021-47180Mar 25, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xfff
- CVE-2021-47179Mar 25, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_rang
- CVE-2021-47177Mar 25, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors.
- CVE-2021-47176Mar 25, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_pat
- CVE-2021-47175Mar 25, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall
Page 57 of 85