rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise Module for Development Tools 15 SP5
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP5
Vulnerabilities (2,437)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52693 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_ | |
| CVE-2023-52692 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing w | |
| CVE-2023-52691 | Hig | 7.8 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. Howev | |
| CVE-2023-52690 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to av | |
| CVE-2023-52686 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. | |
| CVE-2023-52683 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32 | |
| CVE-2023-52680 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller. | |
| CVE-2023-52679 | Hig | 7.8 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previo | |
| CVE-2023-52678 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the b | |
| CVE-2023-52676 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding togeth | |
| CVE-2023-52675 | Med | 5.5 | < 5.14.21-150500.55.73.2 | 5.14.21-150500.55.73.2 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. | |
| CVE-2023-52674 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_va | |
| CVE-2024-35837 | Med | 5.5 | < 5.14.21-150500.55.73.2 | 5.14.21-150500.55.73.2 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue | |
| CVE-2024-35835 | Med | 5.3 | < 5.14.21-150500.55.73.2 | 5.14.21-150500.55.73.2 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_group | |
| CVE-2024-35833 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the man | |
| CVE-2024-35830 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access. | |
| CVE-2024-35829 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks. | |
| CVE-2024-35828 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be | |
| CVE-2024-35825 | Med | 5.5 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval | |
| CVE-2024-35823 | Med | 5.3 | < 5.14.21-150500.55.68.1 | 5.14.21-150500.55.68.1 | May 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer"). |
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: video: check for error while searching for backlight device parent If acpi_get_parent() called in acpi_video_dev_register_backlight() fails, for example, because acpi_ut_acquire_mutex() fails inside acpi_
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error check to scarlett2_usb_set_config() scarlett2_usb_set_config() calls scarlett2_usb_get() but was not checking the result. Return the error if it fails rather than continuing w
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix a double-free in si_dpm_init When the allocation of adev->pm.dpm.dyn_state.vddc_dependency_on_dispclk.entries fails, amdgpu_free_extended_power_table is called to free some fields of adev. Howev
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check to scom_debug_init_one() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Add a null pointer check, and release 'ent' to av
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/powernv: Add a null pointer check in opal_event_init() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: LPIT: Avoid u32 multiplication overflow In lpit_update_residency() there is a possibility of overflow in multiplication, if tsc_khz is large enough (> UINT_MAX/1000). Change multiplication to mul_u32_u32
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add missing error checks to *_ctl_get() The *_ctl_get() functions which call scarlett2_update_*() were not checking the return value. Fix to check the return value and pass to the caller.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: of: Fix double free in of_parse_phandle_with_args_map In of_parse_phandle_with_args_map() the inner loop that iterates through the map entries calls of_node_put(new) to free the reference acquired by the previo
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Confirm list is non-empty before utilizing list_first_entry in kfd_topology.c Before using list_first_entry, make sure to check that list is not empty, if list is empty return -ENODATA. Fixes the b
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Guard stack limits against 32bit overflow This patch promotes the arithmetic around checking stack bounds to be done in the 64-bit domain, instead of the current 32bit. The arithmetic implies adding togeth
- affected < 5.14.21-150500.55.73.2fixed 5.14.21-150500.55.73.2
In the Linux kernel, the following vulnerability has been resolved: powerpc/imc-pmu: Add a null pointer check in update_events_in_group() kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: scarlett2: Add clamp() in scarlett2_mixer_ctl_put() Ensure the value passed to scarlett2_mixer_ctl_put() is between 0 and SCARLETT2_MIXER_MAX_VALUE so we don't attempt to access outside scarlett2_mixer_va
- affected < 5.14.21-150500.55.73.2fixed 5.14.21-150500.55.73.2
In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: clear BM pool before initialization Register value persist after booting the kernel using kexec which results in kernel panic. Thus clear the BM pool registers before initialisation to fix the issue
- affected < 5.14.21-150500.55.73.2fixed 5.14.21-150500.55.73.2
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: fix a double-free in arfs_create_groups When `in` allocated by kvzalloc fails, arfs_create_groups will free ft->g and return an error. However, arfs_create_table, the only caller of arfs_create_group
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fsl-qdma: Fix a memory leak related to the queue command DMA This dma_alloc_coherent() is undone neither in the remove function, nor in the error handling path of fsl_qdma_probe(). Switch to the man
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: media: tc358743: register v4l2 async device only after successful setup Ensure the device has been setup correctly before registering the v4l2 async device, thus allowing userspace to access.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: drm/lima: fix a memleak in lima_heap_alloc When lima_vm_map_bo fails, the resources need to be deallocated, or there will be memleaks.
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: wifi: libertas: fix some memleaks in lbs_allocate_cmd_buffer() In the for statement of lbs_allocate_cmd_buffer(), if the allocation of cmdarray[i].cmdbuf fails, both cmdarray and cmdarray[i].cmdbuf needs to be
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: ncm: Fix handling of zero block length packets While connecting to a Linux host with CDC_NCM_NTB_DEF_SIZE_TX set to 65536, it has been observed that we receive short packets, which come at interval
- affected < 5.14.21-150500.55.68.1fixed 5.14.21-150500.55.68.1
In the Linux kernel, the following vulnerability has been resolved: vt: fix unicode buffer corruption when deleting characters This is the same issue that was fixed for the VGA text buffer in commit 39cdb68c64d8 ("vt: fix memory overlapping when deleting chars in the buffer").
Page 82 of 122