rpm package
suse/kernel-livepatch-SLE15-SP5_Update_27&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_27&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (218)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49865 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a `struct ifaddrlblmsg` to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMS | ||
| CVE-2022-49864 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced. | ||
| CVE-2022-49863 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following: (a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket. (b) use syscal | ||
| CVE-2022-49861 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call. | ||
| CVE-2022-49860 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail If device_register() fails, it should call put_device() to give up reference, the name allocated in dev_set_name() can be freed in callback | ||
| CVE-2022-49858 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitte | ||
| CVE-2022-49853 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: ip link add link eth0 name .. type macvlan mode source macaddr add km | ||
| CVE-2022-49850 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: | ||
| CVE-2022-49846 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ====================================================== | ||
| CVE-2022-49845 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele | ||
| CVE-2022-49842 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C | ||
| CVE-2022-49841 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk | ||
| CVE-2022-49839 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem | ||
| CVE-2022-49837 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first | ||
| CVE-2022-49836 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u | ||
| CVE-2022-49835 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call | ||
| CVE-2022-49834 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is perf | ||
| CVE-2022-49832 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00 | ||
| CVE-2022-49830 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt | ||
| CVE-2022-49827 | — | < 1-150500.11.7.1 | 1-150500.11.7.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm |
- CVE-2022-49865May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: addrlabel: fix infoleak when sending struct ifaddrlblmsg to network When copying a `struct ifaddrlblmsg` to the network, __ifal_reserved remained uninitialized, resulting in a 1-byte infoleak: BUG: KMS
- CVE-2022-49864May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix NULL pointer dereference in svm_migrate_to_ram() ./drivers/gpu/drm/amd/amdkfd/kfd_migrate.c:985:58-62: ERROR: p is NULL but dereferenced.
- CVE-2022-49863May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: can: af_can: fix NULL pointer dereference in can_rx_register() It causes NULL pointer dereference when testing as following: (a) use syscall(__NR_socket, 0x10ul, 3ul, 0) to create netlink socket. (b) use syscal
- CVE-2022-49861May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: mv_xor_v2: Fix a resource leak in mv_xor_v2_remove() A clk_prepare_enable() call in the probe is not balanced by a corresponding clk_disable_unprepare() in the remove function. Add the missing call.
- CVE-2022-49860May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ti: k3-udma-glue: fix memory leak when register device fail If device_register() fails, it should call put_device() to give up reference, the name allocated in dev_set_name() can be freed in callback
- CVE-2022-49858May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix SQE threshold checking Current way of checking available SQE count which is based on HW updated SQB count could result in driver submitting an SQE even before CQE for the previously transmitte
- CVE-2022-49853May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: net: macvlan: fix memory leaks of macvlan_common_newlink kmemleak reports memory leaks in macvlan_common_newlink, as follows: ip link add link eth0 name .. type macvlan mode source macaddr add km
- CVE-2022-49850May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time:
- CVE-2022-49846May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================
- CVE-2022-49845May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele
- CVE-2022-49842May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C
- CVE-2022-49841May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk
- CVE-2022-49839May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem
- CVE-2022-49837May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix memory leaks in __check_func_call kmemleak reports this issue: unreferenced object 0xffff88817139d000 (size 2048): comm "test_progs", pid 33246, jiffies 4307381979 (age 45851.820s) hex dump (first
- CVE-2022-49836May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u
- CVE-2022-49835May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call
- CVE-2022-49834May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is perf
- CVE-2022-49832May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00
- CVE-2022-49830May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt
- CVE-2022-49827May 1, 2025affected < 1-150500.11.7.1fixed 1-150500.11.7.1
In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm
Page 8 of 11