VYPR

rpm package

suse/kernel-obs-build&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (1,486)

  • CVE-2022-48805Jul 16, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The m

  • CVE-2022-48804Jul 16, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer

  • CVE-2022-48799Jul 16, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: perf: Fix list corruption in perf_cgroup_switch() There's list corruption on cgrp_cpuctx_list. This happens on the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sche

  • CVE-2022-48794Jul 16, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Fr

  • CVE-2022-48792Jul 16, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_

  • CVE-2022-48791Jul 16, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti

  • CVE-2022-48790Jul 16, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condit

  • CVE-2022-48789Jul 16, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in ord

  • CVE-2022-48788Jul 16, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in o

  • CVE-2022-48786Jul 16, 2024
    affected < 4.12.14-122.228.2fixed 4.12.14-122.228.2

    In the Linux kernel, the following vulnerability has been resolved: vsock: remove vsock from connected table when connect is interrupted by a signal vsock_connect() expects that the socket could already be in the TCP_ESTABLISHED state when the connecting task wakes up with a si

  • CVE-2022-48775Jul 16, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, ko

  • CVE-2023-52885Jul 14, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed lis

  • CVE-2024-40995MedJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_api: fix possible infinite loop in tcf_idr_check_alloc() syzbot found hanging tasks waiting on rtnl_lock [1] A reproducer is available in the syzbot bug. When a request to add multiple actions

  • CVE-2024-40984MedJul 12, 2024
    affected < 4.12.14-122.228.2fixed 4.12.14-122.228.2

    In the Linux kernel, the following vulnerability has been resolved: ACPICA: Revert "ACPICA: avoid Info: mapping multiple BARs. Your kernel is fine." Undo the modifications made in commit d410ee5109a1 ("ACPICA: avoid "Info: mapping multiple BARs. Your kernel is fine.""). The ini

  • CVE-2024-40978HigJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute The qedi_dbg_do_not_recover_cmd_read() function invokes sprintf() directly on a __user pointer, which results into the crash. To fix this issue, use a smal

  • CVE-2024-40959MedJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: xfrm6: check ip6_dst_idev() return value in xfrm6_get_saddr() ip6_dst_idev() can return NULL, xfrm6_get_saddr() must act accordingly. syzbot reported: Oops: general protection fault, probably for non-canonica

  • CVE-2024-40942MedJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: mesh: Fix leak of mesh_preq_queue objects The hwmp code use objects of type mesh_preq_queue, added to a list in ieee80211_if_mesh, to keep track of mpath we need to resolve. If the mpath gets de

  • CVE-2024-40941MedJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't read past the mfuart notifcation In case the firmware sends a notification that claims it has more data than it has, we will read past that was allocated for the notification. Remove t

  • CVE-2024-40912MedJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix deadlock in ieee80211_sta_ps_deliver_wakeup() The ieee80211_sta_ps_deliver_wakeup() function takes sta->ps_lock to synchronizes with ieee80211_tx_h_unicast_ps_buf() which is called from soft

  • CVE-2024-39509MedJul 12, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: HID: core: remove unnecessary WARN_ON() in implement() Syzkaller hit a warning [1] in a call to implement() when trying to write a value into a field of smaller size in an output report. Since implement() alre

Page 10 of 75