rpm package
suse/kernel-default-base&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
Vulnerabilities (2,843)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49536 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irq |
| CVE-2022-49535 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the |
| CVE-2022-49534 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s l |
| CVE-2022-49532 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJE |
| CVE-2022-49527 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the error handling first calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets core->ops to NULL, |
| CVE-2022-49526 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md special bug. In non-clustered env, |
| CVE-2022-49525 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least ' |
| CVE-2022-49524 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __proces |
| CVE-2022-49523 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ath11k: disable spectral scan during spectral deinit When ath11k modules are removed using rmmod with spectral scan enabled, crash is observed. Different crash trace is observed for each crash. Send spectral s |
| CVE-2022-49522 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and limit the maximum segment size based on the DMA engine's capabilities. Th |
| CVE-2022-49521 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by re |
| CVE-2022-49520 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: arm64: compat: Do not treat syscall number as ESR_ELx for a bad syscall If a compat process tries to execute an unknown system call above the __ARM_NR_COMPAT_END number, the kernel sends a SIGILL signal to the |
| CVE-2022-49519 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ath10k: skip ath10k_halt during suspend for driver state RESTARTING Double free crash is observed when FW recovery(caused by wmi timeout/crash) is followed by immediate suspend event. The FW recovery is trigger |
| CVE-2022-49517 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount |
| CVE-2022-49515 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: cs35l41: Fix an out-of-bounds access in otp_packed_element_t The CS35L41_NUM_OTP_ELEM is 100, but only 99 entries are defined in the array otp_map_1/2[CS35L41_NUM_OTP_ELEM], this will trigger UBSAN to rep |
| CVE-2022-49514 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path. |
| CVE-2022-49512 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: denali: Use managed device resources All of the resources used by this driver has managed interfaces, so use them. Otherwise we will get the following splat: [ 4.472703] denali-nand-pci 0000:0 |
| CVE-2022-49509 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: i2c: max9286: fix kernel oops when removing module When removing the max9286 module we get a kernel oops: Unable to handle kernel paging request at virtual address 000000aa00000094 Mem abort info: ESR |
| CVE-2022-49508 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will |
| CVE-2022-49507 | — | | | < 5.14.21-150400.24.158.1.150400.24.78.1 | 5.14.21-150400.24.158.1.150400.24.78.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: regulator: da9121: Fix uninit-value in da9121_assign_chip_model() KASAN report slab-out-of-bounds in __regmap_init as follows: BUG: KASAN: slab-out-of-bounds in __regmap_init drivers/base/regmap/regmap.c:841 R |