VYPR

rpm package

suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.5

pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Vulnerabilities (4,617)

  • CVE-2022-48687May 3, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix out-of-bounds read when setting HMAC data. The SRv6 layer allows defining HMAC data that can later be used to sign IPv6 Segment Routing Headers. This configuration is realised via netlink through

  • CVE-2022-48686May 3, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix UAF when detecting digest errors We should also bail from the io_work loop when we set rd_enabled to true, so we don't attempt to read data from the socket when the TCP stream is already out-of-sy

  • CVE-2022-48675May 3, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: IB/core: Fix a nested dead lock as part of ODP flow Fix a nested dead lock as part of ODP flow by using mmput_async(). From the below call trace [1] can see that calling mmput() once we have the umem_odp->umem

  • CVE-2022-48674May 3, 2024
    affected < 5.14.21-150500.55.88.1.150500.6.39.4fixed 5.14.21-150500.55.88.1.150500.6.39.4

    In the Linux kernel, the following vulnerability has been resolved: erofs: fix pcluster use-after-free on UP platforms During stress testing with CONFIG_SMP disabled, KASAN reports as below: ================================================================== BUG: KASAN: use-aft

  • CVE-2022-48673May 3, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible access to freed memory in link clear After modifying the QP to the Error state, all RX WR would be completed with WC in IB_WC_WR_FLUSH_ERR status. Current implementation does not wait for

  • CVE-2022-48672May 3, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: of: fdt: fix off-by-one error in unflatten_dt_nodes() Commit 78c44d910d3e ("drivers/of: Fix depth when unflattening devicetree") forgot to fix up the depth check in the loop body in unflatten_dt_nodes() which m

  • CVE-2022-48671May 3, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: cgroup: Add missing cpus_read_lock() to cgroup_attach_task_all() syzbot is hitting percpu_rwsem_assert_held(&cpu_hotplug_lock) warning at cpuset_attach() [1], for commit 4f7e7236435ca0ab ("cgroup: Fix threadgro

  • CVE-2024-27078MedMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleak

  • CVE-2024-27077MedMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such d

  • CVE-2024-27076MedMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.

  • CVE-2024-27072MedMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166

  • CVE-2024-27065HigMay 1, 2024
    affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: do not compare internal table flags on updates Restore skipping transaction if table update does not modify flags.

  • CVE-2024-27059MedMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when crea

  • CVE-2024-27053CriMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage

  • CVE-2024-27052HigMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().

  • CVE-2024-27047MedMay 1, 2024
    affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

    In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defi

  • CVE-2024-27038MedMay 1, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: clk: Fix clk_core_get NULL dereference It is possible for clk_core_get to dereference a NULL in the following sequence: clk_core_get() of_clk_get_hw_from_clkspec() __of_clk_get_hw_from_provider()

  • CVE-2024-27025MedMay 1, 2024
    affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8

    In the Linux kernel, the following vulnerability has been resolved: nbd: null check for nla_nest_start nla_nest_start() may fail and return NULL. Insert a check and set errno based on other call sites within the same source code.

  • CVE-2024-27024HigMay 1, 2024
    affected < 5.14.21-150500.55.80.2.150500.6.35.6fixed 5.14.21-150500.55.80.2.150500.6.35.6

    In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr().

  • CVE-2024-27389May 1, 2024
    affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

    In the Linux kernel, the following vulnerability has been resolved: pstore: inode: Only d_invalidate() is needed Unloading a modular pstore backend with records in pstorefs would trigger the dput() double-drop warning: WARNING: CPU: 0 PID: 2569 at fs/dcache.c:762 dput.part.0

Page 198 of 231