rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (1,483)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26862 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported: | ||
| CVE-2024-26840 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced obj | ||
| CVE-2024-26828 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "b | ||
| CVE-2024-26822 | — | < 5.3.18-150300.59.167.1 | 5.3.18-150300.59.167.1 | Apr 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll | ||
| CVE-2021-47219 | — | < 5.3.18-150300.59.170.2 | 5.3.18-150300.59.170.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab | ||
| CVE-2021-47216 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. Change %lx to %p to print the hashed pointer. | ||
| CVE-2021-47212 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy com | ||
| CVE-2021-47207 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer dereference issue. Fix this by adding a null che | ||
| CVE-2021-47206 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value. | ||
| CVE-2021-47203 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" str | ||
| CVE-2021-47202 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consumi | ||
| CVE-2021-47201 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_v | ||
| CVE-2021-47200 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that drop will | ||
| CVE-2021-47198 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nl | ||
| CVE-2021-47194 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanu | ||
| CVE-2021-47192 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that aft | ||
| CVE-2021-47189 | — | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution be | ||
| CVE-2021-47185 | — | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound | ||
| CVE-2021-47184 | — | < 5.3.18-150300.59.161.2 | 5.3.18-150300.59.161.2 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to syn | ||
| CVE-2021-47183 | — | < 5.3.18-150300.59.158.1 | 5.3.18-150300.59.158.1 | Apr 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL |
- CVE-2024-26862Apr 17, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported:
- CVE-2024-26840Apr 17, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced obj
- CVE-2024-26828Apr 17, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "b
- CVE-2024-26822Apr 17, 2024affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll
- CVE-2021-47219Apr 10, 2024affected < 5.3.18-150300.59.170.2fixed 5.3.18-150300.59.170.2
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab
- CVE-2021-47216Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. Change %lx to %p to print the hashed pointer.
- CVE-2021-47212Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Update error handler for UCTX and UMEM In the fast unload flow, the device state is set to internal error, which indicates that the driver started the destroy process. In this case, when a destroy com
- CVE-2021-47207Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: ALSA: gus: fix null pointer dereference on pointer block The pointer block return from snd_gf1_dma_next_block could be null, so there is a potential null pointer dereference issue. Fix this by adding a null che
- CVE-2021-47206Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
- CVE-2021-47203Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" str
- CVE-2021-47202Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consumi
- CVE-2021-47201Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_v
- CVE-2021-47200Apr 10, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: drm/prime: Fix use after free in mmap with drm_gem_ttm_mmap drm_gem_ttm_mmap() drops a reference to the gem object on success. If the gem object's refcount == 1 on entry to drm_gem_prime_mmap(), that drop will
- CVE-2021-47198Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nl
- CVE-2021-47194Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanu
- CVE-2021-47192Apr 10, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: sysfs: Fix hang when device state is set via sysfs This fixes a regression added with: commit f0f82e2476f6 ("scsi: core: Fix capacity set to zero after offlinining device") The problem is that aft
- CVE-2021-47189Apr 10, 2024affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory ordering between normal and ordered work functions Ordered work functions aren't guaranteed to be handled by the same thread which executed the normal work functions. The only way execution be
- CVE-2021-47185Apr 10, 2024affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound
- CVE-2021-47184Apr 10, 2024affected < 5.3.18-150300.59.161.2fixed 5.3.18-150300.59.161.2
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to syn
- CVE-2021-47183Apr 10, 2024affected < 5.3.18-150300.59.158.1fixed 5.3.18-150300.59.158.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix link down processing to address NULL pointer dereference If an FC link down transition while PLOGIs are outstanding to fabric well known addresses, outstanding ABTS requests may result in a NULL
Page 51 of 75