rpm package
suse/kernel-livepatch-SLE15-SP5_Update_19&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (344)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48907 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc(). | ||
| CVE-2022-48906 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN time | ||
| CVE-2022-48905 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue. | ||
| CVE-2022-48904 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memor | ||
| CVE-2022-48903 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 bt | ||
| CVE-2021-4441 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kza | ||
| CVE-2023-52913 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that no | ||
| CVE-2023-52912 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] inva | ||
| CVE-2023-52911 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL point | ||
| CVE-2023-52910 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when iovad->cached_node is iovad->anchor, | ||
| CVE-2023-52909 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an open fd over a compound. T | ||
| CVE-2023-52908 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be NULL, when/if we print debug information. | ||
| CVE-2023-52907 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the | ||
| CVE-2023-52906 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination acco | ||
| CVE-2023-52905 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch f | ||
| CVE-2023-52904 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check. | ||
| CVE-2023-52901 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva | ||
| CVE-2023-52900 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block a | ||
| CVE-2023-52899 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of ax | ||
| CVE-2023-52898 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev |
- CVE-2022-48907Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: auxdisplay: lcd2s: Fix memory leak in ->remove() Once allocated the struct lcd2s_data is never freed. Fix the memory leak by switching to devm_kzalloc().
- CVE-2022-48906Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: mptcp: Correctly set DATA_FIN timeout when number of retransmits is large Syzkaller with UBSAN uncovered a scenario where a large number of DATA_FIN retransmits caused a shift-out-of-bounds in the DATA_FIN time
- CVE-2022-48905Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: free reset-work-item when flushing Fix a tiny memory leak when flushing the reset work queue.
- CVE-2022-48904Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix I/O page table memory leak The current logic updates the I/O page table mode for the domain before calling the logic to free memory used for the page table. This results in IOMMU page table memor
- CVE-2022-48903Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix relocation crash due to premature return from btrfs_commit_transaction() We are seeing crashes similar to the following trace: [38.969182] WARNING: CPU: 20 PID: 2105 at fs/btrfs/relocation.c:4070 bt
- CVE-2021-4441Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: spi: spi-zynq-qspi: Fix a NULL pointer dereference in zynq_qspi_exec_mem_op() In zynq_qspi_exec_mem_op(), kzalloc() is directly used in memset(), which could lead to a NULL pointer dereference on failure of kza
- CVE-2023-52913Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/i915: Fix potential context UAFs gem_context_register() makes the context visible to userspace, and which point a separate thread can trigger the I915_GEM_CONTEXT_DESTROY ioctl. So we need to ensure that no
- CVE-2023-52912Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fixed bug on error when unloading amdgpu Fixed bug on error when unloading amdgpu. The error message is as follows: [ 377.706202] kernel BUG at drivers/gpu/drm/drm_buddy.c:278! [ 377.706215] inva
- CVE-2023-52911Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/msm: another fix for the headless Adreno GPU Fix another oops reproducible when rebooting the board with the Adreno GPU working in the headless mode (e.g. iMX platforms). Unable to handle kernel NULL point
- CVE-2023-52910Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: iommu/iova: Fix alloc iova overflows issue In __alloc_and_insert_iova_range, there is an issue that retry_pfn overflows. The value of iovad->anchor.pfn_hi is ~0UL, then when iovad->cached_node is iovad->anchor,
- CVE-2023-52909Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix handling of cached open files in nfsd4_open codepath Commit fb70bf124b05 ("NFSD: Instantiate a struct file when creating a regular NFSv4 file") added the ability to cache an open fd over a compound. T
- CVE-2023-52908Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix potential NULL dereference Fix potential NULL dereference, in the case when "man", the resource manager might be NULL, when/if we print debug information.
- CVE-2023-52907Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Wait for out_urb's completion in pn533_usb_send_frame() Fix a use-after-free that occurs in hcd when in_urb sent from pn533_usb_send_frame() is completed earlier than out_urb. Its callback frees the
- CVE-2023-52906Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation The 'TCA_MPLS_LABEL' attribute is of 'NLA_U32' type, but has a validation type of 'NLA_VALIDATE_FUNCTION'. This is an invalid combination acco
- CVE-2023-52905Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix resource leakage in VF driver unbind resources allocated like mcam entries to support the Ntuple feature and hash tables for the tc feature are not getting freed in driver unbind. This patch f
- CVE-2023-52904Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix possible NULL pointer dereference in snd_usb_pcm_has_fixed_rate() The subs function argument may be NULL, so do not use it before the NULL check.
- CVE-2023-52901Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: usb: xhci: Check endpoint is valid before dereferencing it When the host controller is not responding, all URBs queued to all endpoints need to be killed. This can cause a kernel panic if we dereference an inva
- CVE-2023-52900Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix general protection fault in nilfs_btree_insert() If nilfs2 reads a corrupted disk image and tries to reads a b-tree node block by calling __nilfs_btree_get_block() against an invalid virtual block a
- CVE-2023-52899Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: Add exception protection processing for vd in axi_chan_handle_err function Since there is no protection for vd, a kernel panic will be triggered here in exceptional cases. You can refer to the processing of ax
- CVE-2023-52898Aug 21, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev
Page 6 of 18