rpm package
suse/kernel-docs&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/kernel-docs&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (2,843)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47091 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context, as even encoded by the lockdep_assert_held() there. Fix it. | ||
| CVE-2021-47087 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this p | ||
| CVE-2021-47083 | — | < 5.14.21-150400.24.111.2 | 5.14.21-150400.24.111.2 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue. | ||
| CVE-2021-47082 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_net | ||
| CVE-2024-26622 | — | < 5.14.21-150400.24.111.2 | 5.14.21-150400.24.111.2 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot | ||
| CVE-2023-52582 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfs: Only call folio_start_fscache() one time for each folio If a network filesystem using netfs implements a clamp_length() function, it can set subrequest lengths smaller than a page size. When we loop thr | ||
| CVE-2023-52576 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() The code calling ima_free_kexec_buffer() runs long after the memblock allocator has already been torn down, potentially resulting in a u | ||
| CVE-2023-52574 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he | ||
| CVE-2023-52572 | — | < 5.14.21-150400.24.153.1 | 5.14.21-150400.24.153.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/ | ||
| CVE-2023-52569 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we | ||
| CVE-2023-52567 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware the IRQ data can be NULL. In such a | ||
| CVE-2023-52566 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails. | ||
| CVE-2023-52564 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsm_cleanup_mux() tries to fr | ||
| CVE-2023-52559 | — | < 5.14.21-150400.24.111.2 | 5.14.21-150400.24.111.2 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend | ||
| CVE-2023-52532 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors | ||
| CVE-2023-52531 | — | < 5.14.21-150400.24.111.2 | 5.14.21-150400.24.111.2 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data' | ||
| CVE-2023-52530 | — | < 5.14.21-150400.24.111.2 | 5.14.21-150400.24.111.2 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will | ||
| CVE-2023-52529 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called. | ||
| CVE-2023-52528 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in sms | ||
| CVE-2023-52525 | — | < 5.14.21-150400.24.116.1 | 5.14.21-150400.24.116.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc |
- CVE-2021-47091Mar 4, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix locking in ieee80211_start_ap error path We need to hold the local->mtx to release the channel context, as even encoded by the lockdep_assert_held() there. Fix it.
- CVE-2021-47087Mar 4, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: tee: optee: Fix incorrect page free bug Pointer to the allocated pages (struct page *page) has already progressed towards the end of allocation. It is incorrect to perform __free_pages(page, order) using this p
- CVE-2021-47083Mar 4, 2024affected < 5.14.21-150400.24.111.2fixed 5.14.21-150400.24.111.2
In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue.
- CVE-2021-47082Mar 4, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_net
- CVE-2024-26622Mar 4, 2024affected < 5.14.21-150400.24.111.2fixed 5.14.21-150400.24.111.2
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot
- CVE-2023-52582Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: netfs: Only call folio_start_fscache() one time for each folio If a network filesystem using netfs implements a clamp_length() function, it can set subrequest lengths smaller than a page size. When we loop thr
- CVE-2023-52576Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm, kexec, ima: Use memblock_free_late() from ima_free_kexec_buffer() The code calling ima_free_kexec_buffer() runs long after the memblock allocator has already been torn down, potentially resulting in a u
- CVE-2023-52574Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he
- CVE-2023-52572Mar 2, 2024affected < 5.14.21-150400.24.153.1fixed 5.14.21-150400.24.153.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix UAF in cifs_demultiplex_thread() There is a UAF when xfstests on cifs: BUG: KASAN: use-after-free in smb2_is_network_name_deleted+0x27/0x160 Read of size 4 at addr ffff88810103fc08 by task cifsd/
- CVE-2023-52569Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we
- CVE-2023-52567Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: serial: 8250_port: Check IRQ data before use In case the leaf driver wants to use IRQ polling (irq = 0) and IIR register shows that an interrupt happened in the 8250 hardware the IRQ data can be NULL. In such a
- CVE-2023-52566Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential use after free in nilfs_gccache_submit_read_data() In nilfs_gccache_submit_read_data(), brelse(bh) is called to drop the reference count of bh when the call to nilfs_dat_translate() fails.
- CVE-2023-52564Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: Revert "tty: n_gsm: fix UAF in gsm_cleanup_mux" This reverts commit 9b9c8195f3f0d74a826077fc1c01b9ee74907239. The commit above is reverted as it did not solve the original issue. gsm_cleanup_mux() tries to fr
- CVE-2023-52559Mar 2, 2024affected < 5.14.21-150400.24.111.2fixed 5.14.21-150400.24.111.2
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend
- CVE-2023-52532Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors
- CVE-2023-52531Mar 2, 2024affected < 5.14.21-150400.24.111.2fixed 5.14.21-150400.24.111.2
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data'
- CVE-2023-52530Mar 2, 2024affected < 5.14.21-150400.24.111.2fixed 5.14.21-150400.24.111.2
In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will
- CVE-2023-52529Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: HID: sony: Fix a potential memory leak in sony_probe() If an error occurs after a successful usb_alloc_urb() call, usb_free_urb() should be called.
- CVE-2023-52528Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: smsc75xx: Fix uninit-value access in __smsc75xx_read_reg syzbot reported the following uninit-value access issue: ===================================================== BUG: KMSAN: uninit-value in sms
- CVE-2023-52525Mar 2, 2024affected < 5.14.21-150400.24.116.1fixed 5.14.21-150400.24.116.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix oob check condition in mwifiex_process_rx_packet Only skip the code path trying to access the rfc1042 headers when the buffer is too small, so the driver can still process packets without rfc
Page 133 of 143