suse/kernel-obs-build&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

Vulnerabilities (2,310)

• CVE-2023-53465Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: soundwire: qcom: fix storing port config out-of-bounds The 'qcom_swrm_ctrl->pconfig' has size of QCOM_SDW_MAX_PORTS (14), however we index it starting from 1, not 0, to match real port numbers. This can lead to

• CVE-2023-53464Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Check that sock is valid before iscsi_set_param() The validity of sock should be checked before assignment to avoid incorrect values. Commit 57569c37f0ad ("scsi: iscsi: iscsi_tcp: Fix null-ptr-

• CVE-2023-53463Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Do not reset dql stats on NON_FATAL err All ibmvnic resets, make a call to netdev_tx_reset_queue() when re-opening the device. netdev_tx_reset_queue() resets the num_queued and num_completed byte count

• CVE-2023-53458Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: media: cx23885: Fix a null-ptr-deref bug in buffer_prepare() and buffer_finish() When the driver calls cx23885_risc_buffer() to prepare the buffer, the function call dma_alloc_coherent may fail, resulting in a

• CVE-2023-53457Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: FS: JFS: Fix null-ptr-deref Read in txBegin Syzkaller reported an issue where txBegin may be called on a superblock in a read-only mounted filesystem which leads to NULL pointer deref. This could be solved b

• CVE-2023-53456Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qla4xxx: Add length check when parsing nlattrs There are three places that qla4xxx parses nlattrs: - qla4xxx_set_chap_entry() - qla4xxx_iface_set_param() - qla4xxx_sysfs_ddb_set_param() and each of

• CVE-2023-53454Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: HID: multitouch: Correct devm device reference for hidinput input_dev name Reference the HID device rather than the input device for the devm allocation of the input_dev name. Referencing the input_dev would le

• CVE-2023-53453Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/radeon: free iio for atombios when driver shutdown Fix below kmemleak when unload radeon driver: unreferenced object 0xffff9f8608ede200 (size 512): comm "systemd-udevd", pid 326, jiffies 4294682822 (age

• CVE-2023-53452Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: fix potential race condition between napi_init and napi_enable A race condition can happen if netdev is registered, but NAPI isn't initialized yet, and meanwhile user space starts the netdev that w

• CVE-2023-53451Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix potential NULL pointer dereference Klocwork tool reported 'cur_dsd' may be dereferenced. Add fix to validate pointer before dereferencing the pointer.

• CVE-2023-53449Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: s390/dasd: Fix potential memleak in dasd_eckd_init() `dasd_reserve_req` is allocated before `dasd_vol_info_req`, and it also needs to be freed before the error returns, just like the other cases in this functio

• CVE-2023-53448Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: fbdev: imxfb: Removed unneeded release_mem_region Remove unnecessary release_mem_region from the error path to prevent mem region from being released twice, which could avoid resource leak or other unexpected i

• CVE-2022-50444Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: clk: tegra20: Fix refcount leak in tegra20_clock_init of_find_matching_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put()

• CVE-2022-50443Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/rockchip: lvds: fix PM usage counter unbalance in poweron pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. We fix it by

• CVE-2022-50441Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Lag, fix failure to cancel delayed bond work Commit 0d4e8ed139d8 ("net/mlx5: Lag, avoid lockdep warnings") accidentally removed a call to cancel delayed bond work thus it may cause queued delay to exp

• CVE-2022-50440Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Validate the box size for the snooped cursor Invalid userspace dma surface copies could potentially overflow the memcpy from the surface to the snooped image leading to crashes. To fix it the dimens

• CVE-2022-50439Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8173: Enable IRQ when pdata is ready If the device does not come straight from reset, we might receive an IRQ before we are ready to handle it. [ 2.334737] Unable to handle kernel read fr

• CVE-2022-50437Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/hdmi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight b

• CVE-2022-50436Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: don't set up encryption key during jbd2 transaction Commit a80f7fcf1867 ("ext4: fixup ext4_fc_track_* functions' signature") extended the scope of the transaction in ext4_unlink() too far, making it inclu

• CVE-2022-50435Oct 1, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: ext4: avoid crash when inline data creation follows DIO write When inode is created and written to using direct IO, there is nothing to clear the EXT4_STATE_MAY_INLINE_DATA flag. Thus when inode gets truncated