suse/kernel-preempt&distro=SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS

Vulnerabilities (1,350)

• CVE-2023-52919Oct 22, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference.

• CVE-2022-49032Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e46

• CVE-2022-49031Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by ta

• CVE-2022-49029Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_

• CVE-2022-49025Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the

• CVE-2022-49023Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to

• CVE-2022-49022Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-o

• CVE-2022-49021Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PRE

• CVE-2022-49019Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for

• CVE-2022-49015Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free.

• CVE-2022-49014Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASA

• CVE-2022-49011Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen

• CVE-2022-49010Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that

• CVE-2022-49006Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available (not currently

• CVE-2022-49003Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: nvme: fix SRCU protection of nvme_ns_head list Walking the nvme_ns_head siblings list is protected by the head's srcu in nvme_ns_head_submit_bio() but not nvme_mpath_revalidate_paths(). Removing namespaces from

• CVE-2022-48999Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: ipv4: Handle attempt to delete multipath route when fib_info contains an nh reference Gwangun Jung reported a slab-out-of-bounds access in fib_nh_match: fib_nh_match+0xf98/0x1130 linux-6.0-rc7/net/ipv4/fib_

• CVE-2022-48991Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: mm/khugepaged: invoke MMU notifiers in shmem/file collapse paths Any codepath that zaps page table entries must invoke MMU notifiers to ensure that secondary MMUs (like KVM) don't keep accessing pages which are

• CVE-2022-48988Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: memcg: fix possible use-after-free in memcg_write_event_control() memcg_write_event_control() accesses the dentry->d_name of the specified control fd to route the write call. As a cgroup interface file can't b

• CVE-2022-48985Oct 21, 2024
  affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

  In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_don

• CVE-2022-48970Oct 21, 2024
  affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

  In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not h