rpm package
suse/kernel-livepatch-SLE15-SP6_Update_2&distro=SUSE Linux Enterprise Live Patching 15 SP6
pkg:rpm/suse/kernel-livepatch-SLE15-SP6_Update_2&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP6
Vulnerabilities (315)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52868 | Hig | 7.8 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. | |
| CVE-2023-52867 | Hig | 7.8 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access. | |
| CVE-2023-52866 | Hig | 7.1 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In | |
| CVE-2023-52865 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52864 | Hig | 7.8 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi | |
| CVE-2023-52863 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (axi-fan-control) Fix possible NULL pointer dereference axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That | |
| CVE-2023-52862 | Med | 4.1 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original messa | |
| CVE-2023-52861 | Med | 6.2 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as | |
| CVE-2023-52858 | Med | 6.2 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | |
| CVE-2023-52857 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. A | |
| CVE-2023-52856 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only | |
| CVE-2023-52855 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue(): | |
| CVE-2023-52854 | Hig | 7.8 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0 | |
| CVE-2023-52853 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ | |
| CVE-2023-52851 | Hig | 7.8 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_reso | |
| CVE-2023-52850 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avo | |
| CVE-2023-52849 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_r | |
| CVE-2023-52847 | Hig | 7.0 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_dele | |
| CVE-2023-52846 | Hig | 7.8 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. | |
| CVE-2023-52845 | Med | 5.5 | < 1-150600.13.3.2 | 1-150600.13.3.2 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in |
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow.
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access.
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: HID: uclogic: Fix user-memory-access bug in uclogic_params_ugee_v2_init_event_hooks() When CONFIG_HID_UCLOGIC=y and CONFIG_KUNIT_ALL_TESTS=y, launch kernel and then the below user-memory-access bug occurs. In
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: hwmon: (axi-fan-control) Fix possible NULL pointer dereference axi_fan_control_irq_handler(), dependent on the private axi_fan_control_data structure, might be called before the hwmon device is registered. That
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer dereference in error message This patch fixes a null pointer dereference in the error message that is printed when the Display Core (DC) fails to initialize. The original messa
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: drm: bridge: it66121: Fix invalid connector dereference Fix the NULL pointer dereference when no monitor is connected, and the sound card is opened from userspace. Instead return an empty buffer (of zeroes) as
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix coverity issue with unintentional integer overflow 1. Instead of multiplying 2 variable of different types. Change to assign a value of one variable and then multiply the other variable. 2. A
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix init stage error handling to avoid double free of same QP and UAF In the unlikely event that workqueue allocation fails and returns NULL in mlx5_mkey_cache_init(), delete the call to mlx5r_umr_reso
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: media: hantro: Check whether reset op is defined before use The i.MX8MM/N/P does not define the .reset op since reset of the VPU is done by genpd. Check whether the .reset op is defined before calling it to avo
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: cxl/mem: Fix shutdown order Ira reports that removing cxl_mock_mem causes a crash with the following trace: BUG: kernel NULL pointer dereference, address: 0000000000000044 [..] RIP: 0010:cxl_region_decode_r
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_dele
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb.
- affected < 1-150600.13.3.2fixed 1-150600.13.3.2
In the Linux kernel, the following vulnerability has been resolved: tipc: Change nla_policy for bearer-related names to NLA_NUL_STRING syzbot reported the following uninit-value access issue [1]: ===================================================== BUG: KMSAN: uninit-value in
Page 10 of 16