rpm package

suse/kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Vulnerabilities (1,468)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-52840	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free.
CVE-2023-52752	—	< 5.3.18-150300.59.167.1	5.3.18-150300.59.167.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
CVE-2022-48710	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode
CVE-2023-52707	—	< 5.3.18-150300.59.167.1	5.3.18-150300.59.167.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue() If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueu
CVE-2021-47431	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched with correspoding gart_enbale function in SRIOV case. This will lead to gart.bo pin_count leak on driver unload.
CVE-2021-47428	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping o
CVE-2021-47426	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path.
CVE-2021-47425	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a re
CVE-2021-47424	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: i40e: Fix freeing of uninitialized misc IRQ vector When VSI set up failed in i40e_probe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40e_clear_interrupt_scheme and produced a ker
CVE-2021-47423	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.
CVE-2021-47422	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.
CVE-2021-47416	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiob
CVE-2021-47413	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/
CVE-2021-47409	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
CVE-2021-47405	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d
CVE-2021-47404	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malici
CVE-2021-47402	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk() with rcu Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul() also removed rcu protection of individual filters which causes following use-after-free whe
CVE-2021-47399	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup The ixgbe driver currently generates a NULL pointer dereference with some machine (online cpus < 63). This is due to the fact that the maximum value of num
CVE-2021-47396	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late (e.g. due to vCPU sched
CVE-2021-47395	—	< 5.3.18-150300.59.164.1	5.3.18-150300.59.164.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Limit max values for vht mcs and nss in ieee80211_parse_tx_radiotap routine in order to fix the following warning reported by syzbot: WARNING

CVE-2023-52840May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free.
CVE-2023-52752May 21, 2024
affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
CVE-2022-48710May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode
CVE-2023-52707May 21, 2024
affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1
In the Linux kernel, the following vulnerability has been resolved: sched/psi: Fix use-after-free in ep_remove_wait_queue() If a non-root cgroup gets removed when there is a thread that registered trigger and is polling on a pressure file within the cgroup, the polling waitqueu
CVE-2021-47431May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix gart.bo pin_count leak gmc_v{9,10}_0_gart_disable() isn't called matched with correspoding gart_enbale function in SRIOV case. This will lead to gart.bo pin_count leak on driver unload.
CVE-2021-47428May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping o
CVE-2021-47426May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: bpf, s390: Fix potential memory leak about jit_data Make sure to free jit_data through kfree() in the error path.
CVE-2021-47425May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: i2c: acpi: fix resource leak in reconfiguration device addition acpi_i2c_find_adapter_by_handle() calls bus_find_device() which takes a reference on the adapter which is never released which will result in a re
CVE-2021-47424May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix freeing of uninitialized misc IRQ vector When VSI set up failed in i40e_probe() as part of PF switch set up driver was trying to free misc IRQ vectors in i40e_clear_interrupt_scheme and produced a ker
CVE-2021-47423May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/debugfs: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.
CVE-2021-47422May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/kms/nv50-: fix file release memory leak When using single_open() for opening, single_release() should be called, otherwise the 'op' allocated in single_open() will be leaked.
CVE-2021-47416May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiob
CVE-2021-47413May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: usb: chipidea: ci_hdrc_imx: Also search for 'phys' phandle When passing 'phys' in the devicetree to describe the USB PHY phandle (which is the recommended way according to Documentation/devicetree/bindings/usb/
CVE-2021-47409May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.
CVE-2021-47405May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: HID: usbhid: free raw_report buffers in usbhid_stop Free the unsent raw_report buffers when the device is removed. Fixes a memory leak reported by syzbot at: https://syzkaller.appspot.com/bug?id=7b4fa7cb1a7c2d
CVE-2021-47404May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: HID: betop: fix slab-out-of-bounds Write in betop_probe Syzbot reported slab-out-of-bounds Write bug in hid-betopff driver. The problem is the driver assumes the device must have an input report but some malici
CVE-2021-47402May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk() with rcu Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul() also removed rcu protection of individual filters which causes following use-after-free whe
CVE-2021-47399May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: ixgbe: Fix NULL pointer dereference in ixgbe_xdp_setup The ixgbe driver currently generates a NULL pointer dereference with some machine (online cpus < 63). This is due to the fact that the maximum value of num
CVE-2021-47396May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: mac80211-hwsim: fix late beacon hrtimer handling Thomas explained in https://lore.kernel.org/r/87mtoeb4hb.ffs@tglx that our handling of the hrtimer here is wrong: If the timer fires late (e.g. due to vCPU sched
CVE-2021-47395May 21, 2024
affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: limit injected vht mcs/nss in ieee80211_parse_tx_radiotap Limit max values for vht mcs and nss in ieee80211_parse_tx_radiotap routine in order to fix the following warning reported by syzbot: WARNING

Page 43 of 74