rpm package
suse/kernel-default-base&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (1,907)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53066 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with | ||
| CVE-2023-53065 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print | ||
| CVE-2023-53064 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: fff | ||
| CVE-2023-53062 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak | ||
| CVE-2023-53060 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE f | ||
| CVE-2023-53059 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by u | ||
| CVE-2023-53058 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code. | ||
| CVE-2023-53056 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PR | ||
| CVE-2023-53054 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a ne | ||
| CVE-2023-53052 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have | ||
| CVE-2023-53051 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255 | ||
| CVE-2023-53049 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucs_acpi code to call ucsi_connecto | ||
| CVE-2023-53048 | — | < 5.14.21-150400.24.170.2.150400.24.86.2 | 5.14.21-150400.24.170.2.150400.24.86.2 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discover_identity message Since both source and sink device can send discover_identity message in PD3, kernel may dump below warning: ------------[ cut here ]--------- | ||
| CVE-2023-53045 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resourc | ||
| CVE-2023-53044 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a | ||
| CVE-2023-53041 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_fre | ||
| CVE-2023-53040 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails. | ||
| CVE-2023-53039 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp | ||
| CVE-2023-53038 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata. Currently, an early return error | ||
| CVE-2023-53035 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space |
- CVE-2023-53066May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: qed/qed_sriov: guard against NULL derefs from qed_iov_get_vf_info We have to make sure that the info returned by the helper is valid before using it. Found by Linux Verification Center (linuxtesting.org) with
- CVE-2023-53065May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix perf_output_begin parameter is incorrectly invoked in perf_event_bpf_output syzkaller reportes a KASAN issue with stack-out-of-bounds. The call trace is as follows: dump_stack+0x9c/0xd3 print
- CVE-2023-53064May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: iavf: fix hang on reboot with ice When a system with E810 with existing VFs gets rebooted the following hang may be observed. Pid 1 is hung in iavf_remove(), part of a network driver: PID: 1 TASK: fff
- CVE-2023-53062May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc95xx: Limit packet length to skb->len Packet length retrieved from descriptor may be larger than the actual socket buffer length. In such case the cloned skb passed up the network stack will leak
- CVE-2023-53060May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: igb: revert rtnl_lock() that causes deadlock The commit 6faee3d4ee8b ("igb: Add lock to avoid data race") adds rtnl_lock to eliminate a false data race shown below (FREE from device detaching) | (USE f
- CVE-2023-53059May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: platform/chrome: cros_ec_chardev: fix kernel data leak from ioctl It is possible to peep kernel page's data by providing larger `insize` in struct cros_ec_command[1] when invoking EC host commands. Fix it by u
- CVE-2023-53058May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: E-Switch, Fix an Oops in error handling code The error handling dereferences "vport". There is nothing we can do if it is an error pointer except returning the error code.
- CVE-2023-53056May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Synchronize the IOCB count to be in order A system hang was observed with the following call trace: BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: 0000 [#1] PR
- CVE-2023-53054May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix a devres leak in hw_enable upon suspend resume Each time the platform goes to low power, PM suspend / resume routines call: __dwc2_lowlevel_hw_enable -> devm_add_action_or_reset(). This adds a ne
- CVE-2023-53052May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix use-after-free bug in refresh_cache_worker() The UAF bug occurred because we were putting DFS root sessions in cifs_umount() while DFS cache refresher was being executed. Make DFS root sessions have
- CVE-2023-53051May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: dm crypt: add cond_resched() to dmcrypt_write() The loop in dmcrypt_write may be running for unbounded amount of time, thus we need cond_resched() in it. This commit fixes the following warning: [ 3391.153255
- CVE-2023-53049May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: usb: ucsi: Fix NULL pointer deref in ucsi_connector_change() When ucsi_init() fails, ucsi->connector is NULL, yet in case of ucsi_acpi we may still get events which cause the ucs_acpi code to call ucsi_connecto
- CVE-2023-53048May 2, 2025affected < 5.14.21-150400.24.170.2.150400.24.86.2fixed 5.14.21-150400.24.170.2.150400.24.86.2
In the Linux kernel, the following vulnerability has been resolved: usb: typec: tcpm: fix warning when handle discover_identity message Since both source and sink device can send discover_identity message in PD3, kernel may dump below warning: ------------[ cut here ]---------
- CVE-2023-53045May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_audio: don't let userspace block driver unbind In the unbind callback for f_uac1 and f_uac2, a call to snd_card_free() via g_audio_cleanup() will disconnect the card and then wait for all resourc
- CVE-2023-53044May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: dm stats: check for and propagate alloc_percpu failure Check alloc_precpu()'s return value and return an error from dm_stats_init() if it fails. Update alloc_dev() to fail if dm_stats_init() does. Otherwise, a
- CVE-2023-53041May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Perform lockless command completion in abort path While adding and removing the controller, the following call trace was observed: WARNING: CPU: 3 PID: 623596 at kernel/dma/mapping.c:532 dma_fre
- CVE-2023-53040May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ca8210: fix mac_len negative array access This patch fixes a buffer overflow access of skb->data if ieee802154_hdr_peek_addrs() fails.
- CVE-2023-53039May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp
- CVE-2023-53038May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Check kzalloc() in lpfc_sli4_cgn_params_read() If kzalloc() fails in lpfc_sli4_cgn_params_read(), then we rely on lpfc_read_object()'s routine to NULL check pdata. Currently, an early return error
- CVE-2023-53035May 2, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space
Page 12 of 96