rpm package
suse/kernel-default-base&distro=SUSE Manager Proxy 4.3
pkg:rpm/suse/kernel-default-base&distro=SUSE%20Manager%20Proxy%204.3
Vulnerabilities (1,907)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49845 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele | ||
| CVE-2022-49842 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C | ||
| CVE-2022-49841 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk | ||
| CVE-2022-49839 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem | ||
| CVE-2022-49836 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u | ||
| CVE-2022-49835 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call | ||
| CVE-2022-49834 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is perf | ||
| CVE-2022-49832 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00 | ||
| CVE-2022-49830 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt | ||
| CVE-2022-49827 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm | ||
| CVE-2022-49826 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And t | ||
| CVE-2022-49825 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau | ||
| CVE-2022-49824 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau | ||
| CVE-2022-49823 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because | ||
| CVE-2022-49822 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next | ||
| CVE-2022-49821 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_dev | ||
| CVE-2022-49818 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). | ||
| CVE-2022-49813 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver( | ||
| CVE-2022-49812 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is mark | ||
| CVE-2022-49810 | — | < 5.14.21-150400.24.167.1.150400.24.84.1 | 5.14.21-150400.24.167.1.150400.24.84.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the fi |
- CVE-2022-49845May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele
- CVE-2022-49842May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C
- CVE-2022-49841May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk
- CVE-2022-49839May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem
- CVE-2022-49836May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u
- CVE-2022-49835May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call
- CVE-2022-49834May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is perf
- CVE-2022-49832May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00
- CVE-2022-49830May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt
- CVE-2022-49827May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm
- CVE-2022-49826May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And t
- CVE-2022-49825May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau
- CVE-2022-49824May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau
- CVE-2022-49823May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because
- CVE-2022-49822May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix connections leak when tlink setup failed If the tlink setup failed, lost to put the connections, then the module refcnt leak since the cifsd kthread not exit. Also leak the fscache info, and for next
- CVE-2022-49821May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_dev
- CVE-2022-49818May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize().
- CVE-2022-49813May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver(
- CVE-2022-49812May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is mark
- CVE-2022-49810May 1, 2025affected < 5.14.21-150400.24.167.1.150400.24.84.1fixed 5.14.21-150400.24.167.1.150400.24.84.1
In the Linux kernel, the following vulnerability has been resolved: netfs: Fix missing xas_retry() calls in xarray iteration netfslib has a number of places in which it performs iteration of an xarray whilst being under the RCU read lock. It *should* call xas_retry() as the fi
Page 15 of 96