rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise Server 15 SP4-LTSS
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP4-LTSS
Vulnerabilities (2,830)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48797 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption with his Gaudi accelerator test load: "All the details are in the bug, but the b | ||
| CVE-2022-48796 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential use-after-free during probe Kasan has reported the following use after free on dev->iommu. when a device probe fails and it is in process of freeing dev->iommu in dev_iommu_free function, a | ||
| CVE-2022-48794 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Fr | ||
| CVE-2022-48793 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too early, before the NPT is ena | ||
| CVE-2022-48792 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_ | ||
| CVE-2022-48791 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti | ||
| CVE-2022-48790 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condit | ||
| CVE-2022-48789 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in ord | ||
| CVE-2022-48788 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in o | ||
| CVE-2022-48787 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which the | ||
| CVE-2022-48786 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a si | ||
| CVE-2021-47624 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", | ||
| CVE-2021-47622 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host | ||
| CVE-2022-48784 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg802 | ||
| CVE-2022-48783 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus). | ||
| CVE-2022-48780 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies | ||
| CVE-2022-48778 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped. | ||
| CVE-2022-48777 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition (case when the entry name is empty) the kernel panics in the cleanup function as the name entry is NULL. Rework the | ||
| CVE-2022-48776 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak. | ||
| CVE-2022-48775 | — | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, ko |
- CVE-2022-48797Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: mm: don't try to NUMA-migrate COW pages that have other uses Oded Gabbay reports that enabling NUMA balancing causes corruption with his Gaudi accelerator test load: "All the details are in the bug, but the b
- CVE-2022-48796Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: iommu: Fix potential use-after-free during probe Kasan has reported the following use after free on dev->iommu. when a device probe fails and it is in process of freeing dev->iommu in dev_iommu_free function, a
- CVE-2022-48794Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Fr
- CVE-2022-48793Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: KVM: x86: nSVM: fix potential NULL derefernce on nested migration Turns out that due to review feedback and/or rebases I accidentally moved the call to nested_svm_load_cr3 to be too early, before the NPT is ena
- CVE-2022-48792Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_
- CVE-2022-48791Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti
- CVE-2022-48790Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condit
- CVE-2022-48789Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in ord
- CVE-2022-48788Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in o
- CVE-2022-48787Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: iwlwifi: fix use-after-free If no firmware was present at all (or, presumably, all of the firmware files failed to parse), we end up unbinding by calling device_release_driver(), which calls remove(), which the
- CVE-2022-48786Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a si
- CVE-2021-47624Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove",
- CVE-2021-47622Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host
- CVE-2022-48784Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix race in netlink owner interface destruction My previous fix here to fix the deadlock left a race where the exact same deadlock (see the original commit referenced below) can still happen if cfg802
- CVE-2022-48783Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: lantiq_gswip: fix use after free in gswip_remove() of_node_put(priv->ds->slave_mii_bus->dev.of_node) should be done before mdiobus_free(priv->ds->slave_mii_bus).
- CVE-2022-48780Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: Avoid overwriting the copies of clcsock callback functions The callback functions of clcsock will be saved and replaced during the fallback. But if the fallback happens more than once, then the copies
- CVE-2022-48778Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: mtd: rawnand: gpmi: don't leak PM reference in error path If gpmi_nfc_apply_timings() fails, the PM runtime usage counter must be dropped.
- CVE-2022-48777Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix kernel panic on skipped partition In the event of a skipped partition (case when the entry name is empty) the kernel panics in the cleanup function as the name entry is NULL. Rework the
- CVE-2022-48776Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak.
- CVE-2022-48775Jul 16, 2024affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, ko
Page 105 of 142