rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS
Vulnerabilities (1,350)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49772 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality | ||
| CVE-2022-49771 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fil | ||
| CVE-2022-49770 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'first_realm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and | ||
| CVE-2022-49769 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checke | ||
| CVE-2022-49767 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel | ||
| CVE-2020-36790 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number | ||
| CVE-2025-37789 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first. | ||
| CVE-2025-40364 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | Apr 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed. | ||
| CVE-2021-47670 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni(). | ||
| CVE-2021-47669 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni(). | ||
| CVE-2021-47668 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: sta | ||
| CVE-2020-36789 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 17, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but not always, the case), the 'WARN_ON(in_irq)' in net/ | ||
| CVE-2025-22121 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz | ||
| CVE-2025-22055 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink | ||
| CVE-2025-22045 | — | < 5.3.18-150300.59.218.1 | 5.3.18-150300.59.218.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE | ||
| CVE-2025-22028 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs. | ||
| CVE-2025-22020 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 16, 2025 | In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt | ||
| CVE-2025-22004 | — | < 5.3.18-150300.59.204.1 | 5.3.18-150300.59.204.1 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free. | ||
| CVE-2025-21999 | — | < 5.3.18-150300.59.207.1 | 5.3.18-150300.59.207.1 | Apr 3, 2025 | In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc | ||
| CVE-2025-21971 | — | < 5.3.18-150300.59.218.1 | 5.3.18-150300.59.218.1 | Apr 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe |
- CVE-2022-49772May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Drop snd_BUG_ON() from snd_usbmidi_output_open() snd_usbmidi_output_open() has a check of the NULL port with snd_BUG_ON(). snd_BUG_ON() was used as this shouldn't have happened, but in reality
- CVE-2022-49771May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: fix misbehavior if list_versions races with module loading __list_versions will first estimate the required space using the "dm_target_iterate(list_version_get_needed, &needed)" call and then will fil
- CVE-2022-49770May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: ceph: avoid putting the realm twice when decoding snaps fails When decoding the snaps fails it maybe leaving the 'first_realm' and 'realm' pointing to the same snaprealm memory. And then it'll put it twice and
- CVE-2022-49769May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: gfs2: Check sb_bsize_shift after reading superblock Fuzzers like to scribble over sb_bsize_shift but in reality it's very unlikely that this field would be corrupted on its own. Nevertheless it should be checke
- CVE-2022-49767May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: 9p/trans_fd: always use O_NONBLOCK read/write syzbot is reporting hung task at p9_fd_close() [1], for p9_mux_poll_stop() from p9_conn_destroy() from p9_fd_close() is failing to interrupt already started kernel
- CVE-2020-36790May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a memory leak We forgot to free new_model_number
- CVE-2025-37789May 1, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix nested key length validation in the set() action It's not safe to access nla_len(ovs_key) if the data is smaller than the netlink header. Check that the attribute is OK first.
- CVE-2025-40364Apr 18, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: io_uring: fix io_req_prep_async with provided buffers io_req_prep_async() can import provided buffers, commit the ring state by giving up on that before, it'll be reimported later if needed.
- CVE-2021-47670Apr 17, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: peak_usb: fix use after free bugs After calling peak_usb_netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the peak_usb_netif_rx_ni().
- CVE-2021-47669Apr 17, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: vxcan: vxcan_xmit: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the canfd_frame cfd which aliases skb memory is accessed after the netif_rx_ni().
- CVE-2021-47668Apr 17, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_restart: fix use after free bug After calling netif_rx_ni(skb), dereferencing skb is unsafe. Especially, the can_frame cf which aliases skb memory is accessed after the netif_rx_ni() in: sta
- CVE-2020-36789Apr 17, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: can: dev: can_get_echo_skb(): prevent call to kfree_skb() in hard IRQ context If a driver calls can_get_echo_skb() during a hardware IRQ (which is often, but not always, the case), the 'WARN_ON(in_irq)' in net/
- CVE-2025-22121Apr 16, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix out-of-bound read in ext4_xattr_inode_dec_ref_all() There's issue as follows: BUG: KASAN: use-after-free in ext4_xattr_inode_dec_ref_all+0x6ff/0x790 Read of size 4 at addr ffff88807b003000 by task syz
- CVE-2025-22055Apr 16, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink
- CVE-2025-22045Apr 16, 2025affected < 5.3.18-150300.59.218.1fixed 5.3.18-150300.59.218.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE
- CVE-2025-22028Apr 16, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: media: vimc: skip .s_stream() for stopped entities Syzbot reported [1] a warning prompted by a check in call_s_stream() that checks whether .s_stream() operation is warranted for unstarted or stopped subdevs.
- CVE-2025-22020Apr 16, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt
- CVE-2025-22004Apr 3, 2025affected < 5.3.18-150300.59.204.1fixed 5.3.18-150300.59.204.1
In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.
- CVE-2025-21999Apr 3, 2025affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1
In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc
- CVE-2025-21971Apr 1, 2025affected < 5.3.18-150300.59.218.1fixed 5.3.18-150300.59.218.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe
Page 10 of 68