rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,696)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52508 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvm | ||
| CVE-2023-52502 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s | ||
| CVE-2023-52500 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response. | ||
| CVE-2022-48627 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to m | ||
| CVE-2021-47078 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caus | ||
| CVE-2021-47077 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedf_update_link_speed() The following trace was observed: [ 14.042059] Call Trace: [ 14.042061] [ 14.042068] qedf_link_update+0x144/0x1f0 [qedf] [ 14.0421 | ||
| CVE-2021-47076 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitl | ||
| CVE-2021-47074 | — | < 5.3.18-150300.59.161.1.150300.18.94.1 | 5.3.18-150300.59.161.1.150300.18.94.1 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label. | ||
| CVE-2021-47073 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systems where the Dell WMI interface is supported. While exit_dell_smbios_wmi() u | ||
| CVE-2021-47071 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free | ||
| CVE-2021-47070 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus | ||
| CVE-2021-47069 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_sen | ||
| CVE-2021-47068 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bi | ||
| CVE-2021-47065 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ======================================== | ||
| CVE-2021-47063 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_m | ||
| CVE-2021-47061 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guar | ||
| CVE-2021-47060 | — | < 5.3.18-150300.59.153.2.150300.18.90.2 | 5.3.18-150300.59.153.2.150300.18.90.2 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't in | ||
| CVE-2021-47058 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debug | ||
| CVE-2021-47056 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the | ||
| CVE-2021-47055 | — | < 5.3.18-150300.59.158.1.150300.18.92.5 | 5.3.18-150300.59.158.1.150300.18.92.5 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e |
- CVE-2023-52508Mar 2, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: nvme-fc: Prevent null pointer dereference in nvme_fc_io_getuuid() The nvme_fc_fcp_op structure describing an AEN operation is initialized with a null request structure pointer. An FC LLDD may make a call to nvm
- CVE-2023-52502Mar 2, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s
- CVE-2023-52500Mar 2, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Avoid leaking tags when processing OPC_INB_SET_CONTROLLER_CONFIG command Tags allocated for OPC_INB_SET_CONTROLLER_CONFIG command need to be freed when we receive the response.
- CVE-2022-48627Mar 2, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to m
- CVE-2021-47078Mar 1, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caus
- CVE-2021-47077Mar 1, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Add pointer checks in qedf_update_link_speed() The following trace was observed: [ 14.042059] Call Trace: [ 14.042061] [ 14.042068] qedf_link_update+0x144/0x1f0 [qedf] [ 14.0421
- CVE-2021-47076Mar 1, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitl
- CVE-2021-47074Mar 1, 2024affected < 5.3.18-150300.59.161.1.150300.18.94.1fixed 5.3.18-150300.59.161.1.150300.18.94.1
In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label.
- CVE-2021-47073Mar 1, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: platform/x86: dell-smbios-wmi: Fix oops on rmmod dell_smbios init_dell_smbios_wmi() only registers the dell_smbios_wmi_driver on systems where the Dell WMI interface is supported. While exit_dell_smbios_wmi() u
- CVE-2021-47071Mar 1, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix a memory leak in error handling paths If 'vmbus_establish_gpadl()' fails, the (recv|send)_gpadl will not be updated and 'hv_uio_cleanup()' in the error handling path will not be able to free
- CVE-2021-47070Mar 1, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix another memory leak in error handling paths Memory allocated by 'vmbus_alloc_ring()' at the beginning of the probe function is never freed in the error handling path. Add the missing 'vmbus
- CVE-2021-47069Mar 1, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_sen
- CVE-2021-47068Feb 29, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bi
- CVE-2021-47065Feb 29, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ========================================
- CVE-2021-47063Feb 29, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_m
- CVE-2021-47061Feb 29, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guar
- CVE-2021-47060Feb 29, 2024affected < 5.3.18-150300.59.153.2.150300.18.90.2fixed 5.3.18-150300.59.153.2.150300.18.90.2
In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't in
- CVE-2021-47058Feb 29, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debug
- CVE-2021-47056Feb 29, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the
- CVE-2021-47055Feb 29, 2024affected < 5.3.18-150300.59.158.1.150300.18.92.5fixed 5.3.18-150300.59.158.1.150300.18.92.5
In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e
Page 61 of 85