suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

Vulnerabilities (1,350)

• CVE-2023-53039May 2, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: ipc: Fix potential use-after-free in work function When a reset notify IPC message is received, the ISR schedules a work function and passes the ISHTP device to it via a global pointer ishtp

• CVE-2022-49927May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: nfs4: Fix kmemleak when allocate slot failed If one of the slot allocate failed, should cleanup all the other allocated slots, otherwise, the allocated slots will leak: unreferenced object 0xffff8881115aa100

• CVE-2022-49922May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send() will

• CVE-2022-49915May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_register_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, add put_device()

• CVE-2022-49910May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb)

• CVE-2022-49906May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets"

• CVE-2022-49892May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found from vmcore that perf had registered two ops with the same content successively, both dynamic.

• CVE-2022-49889May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Check for NULL cpu_buffer in ring_buffer_wake_waiters() On some machines the number of listed CPUs may be bigger than the actual CPUs that exist. The tracing subsystem allocates a per_cpu directory

• CVE-2022-49887May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: media: meson: vdec: fix possible refcount leak in vdec_probe() v4l2_device_unregister need to be called to put the refcount got by v4l2_device_register when vdec_probe fails or vdec_remove is called.

• CVE-2022-49881May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in query_regdb_file() In the function query_regdb_file() the alpha2 parameter is duplicated using kmemdup() and subsequently freed in regdb_fw_cb(). However, request_firmware_now

• CVE-2022-49880May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in 'ext4_da_release_space' Syzkaller report issue as follows: EXT4-fs (loop0): Free/Dirty block details EXT4-fs (loop0): free_blocks=0 EXT4-fs (loop0): dirty_blocks=0 EXT4-fs (loop0): Block re

• CVE-2022-49879May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: fix BUG_ON() when directory entry has invalid rec_len The rec_len field in the directory entry has to be a multiple of 4. A corrupted filesystem image can be used to hit a BUG() in ext4_rec_len_to_disk()

• CVE-2022-49870May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: capabilities: fix undefined behavior in bit shift for CAP_TO_MASK Shifting signed 32-bit value by 31 bits is undefined, so changing significant bit to unsigned. The UBSAN warning calltrace like below: UBSAN: s

• CVE-2022-49861May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call.

• CVE-2022-49846May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================

• CVE-2022-49842May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C

• CVE-2022-49841May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk

• CVE-2022-49839May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem

• CVE-2022-49836May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u

• CVE-2022-49835May 1, 2025
  affected < 5.3.18-150300.59.207.1fixed 5.3.18-150300.59.207.1

  In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call