rpm package

suse/kernel-obs-build&distro=SUSE Linux Enterprise Software Development Kit 12 SP5

pkg:rpm/suse/kernel-obs-build&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5

Vulnerabilities (1,486)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-46974	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vi
CVE-2021-46966	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be
CVE-2021-46964	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to number of CPUs") lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector
CVE-2021-46963	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_t
CVE-2021-46960	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947]
CVE-2021-46958	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which le
CVE-2021-46955	—	< 4.12.14-122.219.1	4.12.14-122.219.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN
CVE-2021-46953	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However
CVE-2021-46950	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being
CVE-2021-46941	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset control
CVE-2021-46939	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following back
CVE-2021-46938	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for th
CVE-2020-36777	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The m
CVE-2021-46933	—	< 4.12.14-122.219.1	4.12.14-122.219.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou
CVE-2021-46932	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may hap
CVE-2021-46929	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: sctp: use call_rcu to free endpoint This patch is to delay the endpoint free by calling call_rcu() to fix another use-after-free issue in sctp_sock_dump(): BUG: KASAN: use-after-free in __lock_acquire+0x36d9
CVE-2021-46924	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unre
CVE-2021-46921	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the va
CVE-2021-46915	—	< 4.12.14-122.201.2	4.12.14-122.201.2	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000
CVE-2021-46909	—	< 4.12.14-122.216.1	4.12.14-122.216.1	Feb 27, 2024	In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), the PCI code will call the IRQ mapping function whenever a PCI driver is probe

CVE-2021-46974Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix masking negation logic upon negative dst register The negation logic for the case where the off_reg is sitting in the dst register is not correct given then we cannot just invert the add to a sub or vi
CVE-2021-46966Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: custom_method: fix potential use-after-free issue In cm_write(), buf is always freed when reaching the end of the function. If the requested count is less than table.length, the allocated buffer will be
CVE-2021-46964Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Reserve extra IRQ vectors Commit a6dcfe08487e ("scsi: qla2xxx: Limit interrupt vectors to number of CPUs") lowers the number of allocated MSI-X vectors to the number of CPUs. That breaks vector
CVE-2021-46963Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash in qla2xxx_mqueuecommand() RIP: 0010:kmem_cache_free+0xfa/0x1b0 Call Trace: qla2xxx_mqueuecommand+0x2b5/0x2c0 [qla2xxx] scsi_queue_rq+0x5e2/0xa40 __blk_mq_t
CVE-2021-46960Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Return correct error code from smb2_get_enc_key Avoid a warning if the error percolates back up: [440700.376476] CIFS VFS: \\otters.example.com crypt_message: Could not get encryption key [440700.386947]
CVE-2021-46958Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix race between transaction aborts and fsyncs leading to use-after-free There is a race between a task aborting a transaction during a commit, a task doing an fsync and the transaction kthread, which le
CVE-2021-46955Feb 27, 2024
affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1
In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN
CVE-2021-46953Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: ACPI: GTDT: Don't corrupt interrupt mappings on watchdow probe failure When failing the driver probe because of invalid firmware properties, the GTDT driver unmaps the interrupt that it mapped earlier. However
CVE-2021-46950Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: md/raid1: properly indicate failure when ending a failed write request This patch addresses a data corruption bug in raid1 arrays using bitmaps. Without this fix, the bitmap bits for the failed I/O end up being
CVE-2021-46941Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Do core softreset when switch mode According to the programming guide, to switch mode for DRD controller, the driver needs to do the following. To switch from device to host: 1. Reset control
CVE-2021-46939Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: tracing: Restructure trace_clock_global() to never block It was reported that a fix to the ring buffer recursion detection would cause a hung machine when performing suspend / resume testing. The following back
CVE-2021-46938Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: dm rq: fix double free of blk_mq_tag_set in dev remove after table load fails When loading a device-mapper table for a request-based mapped device, and the allocation/initialization of the blk_mq_tag_set for th
CVE-2020-36777Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: media: dvbdev: Fix memory leak in dvb_media_device_free() dvb_media_device_free() is leaking memory. Free `dvbdev->adapter->conn` before setting it to NULL, as documented in include/media/media-device.h: "The m
CVE-2021-46933Feb 27, 2024
affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Clear ffs_eventfd in ffs_data_clear. ffs_data_clear is indirectly called from both ffs_fs_kill_sb and ffs_ep0_release, so it ends up being called twice when userland closes ep0 and then unmou
CVE-2021-46932Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may hap
CVE-2021-46929Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: sctp: use call_rcu to free endpoint This patch is to delay the endpoint free by calling call_rcu() to fix another use-after-free issue in sctp_sock_dump(): BUG: KASAN: use-after-free in __lock_acquire+0x36d9
CVE-2021-46924Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unre
CVE-2021-46921Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: locking/qrwlock: Fix ordering in queued_write_lock_slowpath() While this code is executed with the wait_lock held, a reader can acquire the lock without holding wait_lock. The writer side loops checking the va
CVE-2021-46915Feb 27, 2024
affected < 4.12.14-122.201.2fixed 4.12.14-122.201.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: avoid possible divide error in nft_limit_init div_u64() divides u64 by u32. nft_limit_init() wants to divide u64 by u64, use the appropriate math function (div64_u64) divide error: 0000
CVE-2021-46909Feb 27, 2024
affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: ARM: footbridge: fix PCI interrupt mapping Since commit 30fdfb929e82 ("PCI: Add a call to pci_assign_irq() in pci_device_probe()"), the PCI code will call the IRQ mapping function whenever a PCI driver is probe

Page 42 of 75