rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (1,483)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49398 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current item (n) and the item after (n+1), so that n can be safely removed without corrupti | ||
| CVE-2022-49397 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral). | ||
| CVE-2022-49396 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined | ||
| CVE-2022-49394 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatenc | ||
| CVE-2022-49389 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving | ||
| CVE-2022-49385 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: driver: base: fix UAF when driver_attach failed When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF. To fix it, we need to delete it from the | ||
| CVE-2022-49382 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to | ||
| CVE-2022-49376 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned() | ||
| CVE-2022-49375 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | ||
| CVE-2022-49373 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() in some e | ||
| CVE-2022-49371 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows: ... __device_attach device_lock(dev) // get lock dev async_schedule_dev(__device_attach_asy | ||
| CVE-2022-49370 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add() If this function returns an error, | ||
| CVE-2022-49357 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occ | ||
| CVE-2022-49352 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_handle_inode_extension We got issue as follows: EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory EXT4-fs error (device loop0): ext4_setattr:5462: inode #13: | ||
| CVE-2022-49349 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 l | ||
| CVE-2022-49347 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------[ c | ||
| CVE-2022-49343 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already v | ||
| CVE-2022-49335 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying to execute the wrong userspace driver. MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo [ | ||
| CVE-2022-49332 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference. | ||
| CVE-2022-49331 | — | < 5.3.18-150300.59.201.1 | 5.3.18-150300.59.201.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths. |
- CVE-2022-49398Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Replace list_for_each_entry_safe() if using giveback The list_for_each_entry_safe() macro saves the current item (n) and the item after (n+1), so that n can be safely removed without corrupti
- CVE-2022-49397Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix struct clk leak on probe errors Make sure to release the pipe clock reference in case of a late probe error (e.g. probe deferral).
- CVE-2022-49396Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: phy: qcom-qmp: fix reset-controller leak on probe errors Make sure to release the lane reset controller in case of a late probe error (e.g. probe deferral). Note that due to the reset controller being defined
- CVE-2022-49394Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: blk-iolatency: Fix inflight count imbalances and IO hangs on offline iolatency needs to track the number of inflight IOs per cgroup. As this tracking can be expensive, it is disabled when no cgroup has iolatenc
- CVE-2022-49389Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: usb: usbip: fix a refcount leak in stub_probe() usb_get_dev() is called in stub_device_alloc(). When stub_probe() fails after that, usb_put_dev() needs to be called to release the reference. Fix this by moving
- CVE-2022-49385Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: driver: base: fix UAF when driver_attach failed When driver_attach(drv); failed, the driver_private will be freed. But it has been added to the bus, which caused a UAF. To fix it, we need to delete it from the
- CVE-2022-49382Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: soc: rockchip: Fix refcount leak in rockchip_grf_init of_find_matching_node_and_match returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to
- CVE-2022-49376Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: scsi: sd: Fix potential NULL pointer dereference If sd_probe() sees an early error before sdkp->device is initialized, sd_zbc_release_disk() is called. This causes a NULL pointer dereference when sd_is_zoned()
- CVE-2022-49375Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: rtc: mt6397: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
- CVE-2022-49373Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: watchdog: ts4800_wdt: Fix refcount leak in ts4800_wdt_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() in some e
- CVE-2022-49371Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: driver core: fix deadlock in __device_attach In __device_attach function, The lock holding logic is as follows: ... __device_attach device_lock(dev) // get lock dev async_schedule_dev(__device_attach_asy
- CVE-2022-49370Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: firmware: dmi-sysfs: Fix memory leak in dmi_sysfs_register_handle kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add() If this function returns an error,
- CVE-2022-49357Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: efi: Do not import certificates from UEFI Secure Boot for T2 Macs On Apple T2 Macs, when Linux attempts to read the db and dbx efi variables at early boot to load UEFI Secure Boot certificates, a page fault occ
- CVE-2022-49352Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix warning in ext4_handle_inode_extension We got issue as follows: EXT4-fs error (device loop0) in ext4_reserve_inode_write:5741: Out of memory EXT4-fs error (device loop0): ext4_setattr:5462: inode #13:
- CVE-2022-49349Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix use-after-free in ext4_rename_dir_prepare We got issue as follows: EXT4-fs (loop0): mounted filesystem without journal. Opts: ,errors=continue ext4_get_first_dir_block: bh->b_data=0xffff88810bee6000 l
- CVE-2022-49347Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug_on in ext4_writepages we got issue as follows: EXT4-fs error (device loop0): ext4_mb_generate_buddy:1141: group 0, block bitmap and bg descriptor inconsistent: 25 vs 31513 free cls ------------[ c
- CVE-2022-49343Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid cycles in directory h-tree A maliciously corrupted filesystem can contain cycles in the h-tree stored inside a directory. That can easily lead to the kernel corrupting tree nodes that were already v
- CVE-2022-49335Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/cs: make commands with 0 chunks illegal behaviour. Submitting a cs with 0 chunks, causes an oops later, found trying to execute the wrong userspace driver. MESA_LOADER_DRIVER_OVERRIDE=v3d glxinfo [
- CVE-2022-49332Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Address NULL pointer dereference after starget_to_rport() Calls to starget_to_rport() may return NULL. Add check for NULL rport before dereference.
- CVE-2022-49331Feb 26, 2025affected < 5.3.18-150300.59.201.1fixed 5.3.18-150300.59.201.1
In the Linux kernel, the following vulnerability has been resolved: nfc: st21nfca: fix memory leaks in EVT_TRANSACTION handling Error paths do not free previously allocated memory. Add devm_kfree() to those failure paths.
Page 23 of 75