VYPR

rpm package

suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP3-LTSS

Vulnerabilities (1,350)

  • CVE-2024-41090Jul 29, 2024
    affected < 5.3.18-150300.59.170.2fixed 5.3.18-150300.59.170.2

    In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev

  • CVE-2024-41011Jul 18, 2024
    affected < 5.3.18-150300.59.170.2fixed 5.3.18-150300.59.170.2

    In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We re

  • CVE-2024-41009Jul 17, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun

  • CVE-2022-48858Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix a race on command flush flow Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entr

  • CVE-2022-48857Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is in missing usb_kill_urb() calls on error handling path of ->probe function. port100_se

  • CVE-2022-48856Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_no

  • CVE-2022-48853Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command c

  • CVE-2022-48851Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: staging: gdm724x: fix use after free in gdm_lte_rx() The netif_rx_ni() function frees the skb so we can't dereference it to save the skb->len.

  • CVE-2022-48839Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[]

  • CVE-2022-48838Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at

  • CVE-2022-48837Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.

  • CVE-2022-48836Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint.

  • CVE-2022-48835Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Page fault in reply q processing A page fault was encountered in mpt3sas on a LUN reset error path: [ 145.763216] mpt3sas_cm1: Task abort tm failed: handle(0x0002),timeout(30) tr_method(0x0) sm

  • CVE-2022-48834Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fix bug in pipe direction for control transfers The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: BOGUS control dir, pipe 80001e80 doesn't match bRequestType 0 WARNING: CPU: 0

  • CVE-2022-48827HigJul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buffers to > the RPC read layers") on the client, a read of 0xfff is aligned up > to

  • CVE-2022-48824Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: myrs: Fix crash in error case In myrs_detect(), cs->disable_intr is NULL when privdata->hw_init() fails with non-zero. In this case, myrs_cleanup(cs) will call a NULL ptr and crash the kernel. [ 1.105

  • CVE-2022-48823Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen during LOGO processing. [ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued... [ 9

  • CVE-2022-48822Jul 16, 2024
    affected < 5.3.18-150300.59.170.2fixed 5.3.18-150300.59.170.2

    In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called from ffs_func_disable as part of composition switch and at the same time ffs_epfile_release get called from userspac

  • CVE-2022-48821Jul 16, 2024
    affected < 5.3.18-150300.59.170.2fixed 5.3.18-150300.59.170.2

    In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: avoid double fput() on failed usercopy If the copy back to userland fails for the FASTRPC_IOCTL_ALLOC_DMA_BUFF ioctl(), we shouldn't assume that 'buf->dmabuf' is still valid. In fact, dma_buf_fd(

  • CVE-2022-48811Jul 16, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in __ibmvnic_open() If __ibmvnic_open() encounters an error such as when setting link state, it calls release_resources() which frees the napi structures needlessly. Instead, have __

Page 30 of 68