rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.3
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
Vulnerabilities (3,014)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52837 | — | < 5.14.21-150400.24.125.1.150400.24.60.1 | 5.14.21-150400.24.125.1.150400.24.60.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered | ||
| CVE-2023-52834 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a | ||
| CVE-2023-52833 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date->evt_skb is NULL check fix crash because of null pointers [ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8 [ 6104.969667] #PF: supervisor read access in | ||
| CVE-2023-52832 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: s | ||
| CVE-2023-52826 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference In tpg110_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure | ||
| CVE-2023-52825 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix a race condition of vram buffer unref in svm code prange->svm_bo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync sv | ||
| CVE-2023-52821 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/panel: fix a possible null pointer dereference In versatile_panel_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_m | ||
| CVE-2023-52819 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays. | ||
| CVE-2023-52818 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays. | ||
| CVE-2023-52817 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_r | ||
| CVE-2023-52816 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-3 | ||
| CVE-2023-52814 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using. | ||
| CVE-2023-52811 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the cod | ||
| CVE-2023-52810 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur | ||
| CVE-2023-52806 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied su | ||
| CVE-2023-52805 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required. | ||
| CVE-2023-52804 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref Both db_maxag and db_agpref are used as the index of the db_agfree array, but there is currently no validity check for db_maxag and db_agpref, which can lea | ||
| CVE-2023-52800 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark th | ||
| CVE-2023-52799 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required chec | ||
| CVE-2023-52798 | — | < 5.14.21-150400.24.122.2.150400.24.58.2 | 5.14.21-150400.24.122.2.150400.24.58.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section |
- CVE-2023-52837May 21, 2024affected < 5.14.21-150400.24.125.1.150400.24.60.1fixed 5.14.21-150400.24.125.1.150400.24.60.1
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered
- CVE-2023-52834May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: atl1c: Work around the DMA RX overflow issue This is based on alx driver commit 881d0327db37 ("net: alx: Work around the DMA RX overflow issue"). The alx and atl1c drivers had RX overflow error which was why a
- CVE-2023-52833May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btusb: Add date->evt_skb is NULL check fix crash because of null pointers [ 6104.969662] BUG: kernel NULL pointer dereference, address: 00000000000000c8 [ 6104.969667] #PF: supervisor read access in
- CVE-2023-52832May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: don't return unset power in ieee80211_get_tx_power() We can get a UBSAN warning if ieee80211_get_tx_power() returns the INT_MIN value mac80211 internally uses for "unset power level". UBSAN: s
- CVE-2023-52826May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/panel/panel-tpo-tpg110: fix a possible null pointer dereference In tpg110_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure
- CVE-2023-52825May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix a race condition of vram buffer unref in svm code prange->svm_bo unref can happen in both mmu callback and a callback after migrate to system ram. Both are async call in different tasks. Sync sv
- CVE-2023-52821May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/panel: fix a possible null pointer dereference In versatile_panel_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_m
- CVE-2023-52819May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for Polaris and Tonga For pptable structs that use flexible array sizes, use flexible arrays.
- CVE-2023-52818May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Fix UBSAN array-index-out-of-bounds for SMU7 For pptable structs that use flexible array sizes, use flexible arrays.
- CVE-2023-52817May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a null pointer access when the smc_rreg pointer is NULL In certain types of chips, such as VEGA20, reading the amdgpu_regs_smc file could result in an abnormal null pointer access when the smc_r
- CVE-2023-52816May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix shift out-of-bounds issue [ 567.613292] shift exponent 255 is too large for 64-bit type 'long unsigned int' [ 567.614498] CPU: 5 PID: 238 Comm: kworker/5:1 Tainted: G OE 6.2.0-3
- CVE-2023-52814May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential null pointer derefernce The amdgpu_ras_get_context may return NULL if device not support ras feature, so add check before using.
- CVE-2023-52811May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: scsi: ibmvfc: Remove BUG_ON in the case of an empty event pool In practice the driver should never send more commands than are allocated to a queue's event pool. In the unlikely event that this happens, the cod
- CVE-2023-52810May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add check for negative db_l2nbperpage l2nbperpage is log2(number of blks per page), and the minimum legal value should be 0, not negative. In the case of l2nbperpage being negative, an error will occur
- CVE-2023-52806May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: Fix possible null-ptr-deref when assigning a stream While AudioDSP drivers assign streams exclusively of HOST or LINK type, nothing blocks a user to attempt to assign a COUPLED stream. As supplied su
- CVE-2023-52805May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in diAlloc Currently there is not check against the agno of the iag while allocating new inodes to avoid fragmentation problem. Added the check which is required.
- CVE-2023-52804May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: fs/jfs: Add validity check for db_maxag and db_agpref Both db_maxag and db_agpref are used as the index of the db_agfree array, but there is currently no validity check for db_maxag and db_agpref, which can lea
- CVE-2023-52800May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark th
- CVE-2023-52799May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: jfs: fix array-index-out-of-bounds in dbFindLeaf Currently while searching for dmtree_t for sufficient free blocks there is an array out of bounds while getting element in tp->dm_stree. To add the required chec
- CVE-2023-52798May 21, 2024affected < 5.14.21-150400.24.122.2.150400.24.58.2fixed 5.14.21-150400.24.122.2.150400.24.58.2
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix dfs radar event locking The ath11k active pdevs are protected by RCU but the DFS radar event handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section
Page 118 of 151