suse/kernel-docs&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

Vulnerabilities (2,318)

• CVE-2023-54132Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: erofs: stop parsing non-compact HEAD index if clusterofs is invalid Syzbot generated a crafted image [1] with a non-compact HEAD index of clusterofs 33024 while valid numbers should be 0 ~ lclustersize-1, which

• CVE-2023-54131Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: rt2x00: Fix memory leak when handling surveys When removing a rt2x00 device, its associated channel surveys are not freed, causing a memory leak observable with kmemleak: unreferenced object 0xffff9620f0

• CVE-2023-54130Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: hfs/hfsplus: avoid WARN_ON() for sanity check, use proper error handling Commit 55d1cbbbb29e ("hfs/hfsplus: use WARN_ON for sanity check") fixed a build warning by turning a comment into a WARN_ON(), but it tur

• CVE-2023-54128Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: fs: drop peer group ids under namespace lock When cleaning up peer group ids in the failure path we need to make sure to hold on to the namespace lock. Otherwise another thread might just turn the mount from a

• CVE-2023-54127Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: fs/jfs: prevent double-free in dbUnmount() after failed jfs_remount() Syzkaller reported the following issue: ================================================================== BUG: KASAN: double-free in slab_f

• CVE-2023-54126Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: crypto: safexcel - Cleanup ring IRQ workqueues on load failure A failure loading the safexcel driver results in the following warning on boot, because the IRQ affinity has not been correctly cleaned up. Ensure

• CVE-2023-54123Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix memleak for 'conf->bio_split' In the error path of raid10_run(), 'conf' need be freed, however, 'conf->bio_split' is missed and memory will be leaked. Since there are 3 places to free 'conf', fa

• CVE-2023-54122Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: Add check for cstate As kzalloc may fail and return NULL pointer, it should be better to check cstate in order to avoid the NULL pointer dereference in __drm_atomic_helper_crtc_reset. Patchwork: h

• CVE-2023-54120Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix race condition in hidp_session_thread There is a potential race condition in hidp_session_thread that may lead to use-after-free. For instance, the timer is active while hidp_del_timer is called

• CVE-2023-54119Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: inotify: Avoid reporting event with invalid wd When inotify_freeing_mark() races with inotify_handle_inode_event() it can happen that inotify_handle_inode_event() sees that i_mark->wd got already reset to -1 an

• CVE-2023-54118Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: serial: sc16is7xx: setup GPIO controller later in probe The GPIO controller component of the sc16is7xx driver is setup too early, which can result in a race condition where another device tries to utilise the G

• CVE-2023-54116Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: drm/fbdev-generic: prohibit potential out-of-bounds access The fbdev test of IGT may write after EOF, which lead to out-of-bound access for drm drivers with fbdev-generic. For example, run fbdev test on a x86+a

• CVE-2023-54115Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: pcmcia: rsrc_nonstatic: Fix memory leak in nonstatic_release_resource_db() When nonstatic_release_resource_db() frees all resources associated with an PCMCIA socket, it forgets to free socket_data too, causing

• CVE-2023-54114Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: net: nsh: Use correct mac_offset to unwind gso skb in nsh_gso_segment() As the call trace shows, skb_panic was caused by wrong skb->mac_header in nsh_gso_segment(): invalid opcode: 0000 [#1] PREEMPT SMP KASAN

• CVE-2023-54111Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: pinctrl: rockchip: Fix refcount leak in rockchip_pinctrl_parse_groups of_find_node_by_phandle() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add m

• CVE-2023-54110Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: usb: rndis_host: Secure rndis_query check against int overflow Variables off and len typed as uint32 in rndis_query function are controlled by incoming RNDIS response message thus their value may be manipulated

• CVE-2023-54108Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix DMA-API call trace on NVMe LS requests The following message and call trace was seen with debug kernels: DMA-API: qla2xxx 0000:41:00.0: device driver failed to check map error [device addres

• CVE-2023-54107Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: dropping parent refcount after pd_free_fn() is done Some cgroup policies will access parent pd through child pd even after pd_offline_fn() is done. If pd_free_fn() for parent is called before child,

• CVE-2023-54106Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: fix potential memory leak in mlx5e_init_rep_rx The memory pointed to by the priv->rx_res pointer is not freed in the error path of mlx5e_init_rep_rx, which can lead to a memory leak. Fix by freeing th

• CVE-2023-54104Dec 24, 2025
  affected < 5.14.21-150500.55.133.1fixed 5.14.21-150500.55.133.1

  In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: fsl_upm: Fix an off-by one test in fun_exec_op() 'op-cs' is copied in 'fun->mchip_number' which is used to access the 'mchip_offsets' and the 'rnb_gpio' arrays. These arrays have NAND_MAX_CHIPS el