rpm package
suse/kernel-preempt&distro=SUSE Linux Enterprise Server 15 SP2-LTSS
pkg:rpm/suse/kernel-preempt&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSS
Vulnerabilities (812)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48925 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditiona | ||
| CVE-2022-48919 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free | ||
| CVE-2022-48912 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASA | ||
| CVE-2022-48911 | — | < 5.3.18-150200.24.206.1 | 5.3.18-150200.24.206.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet | ||
| CVE-2022-48901 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into | ||
| CVE-2022-48873 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. Do | ||
| CVE-2022-48872 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup( | ||
| CVE-2024-43882 | Hig | 7.0 | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer | |
| CVE-2024-43861 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. | ||
| CVE-2024-42271 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path | ||
| CVE-2024-42232 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Aug 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re | ||
| CVE-2024-42145 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra | ||
| CVE-2024-42077 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not ta | ||
| CVE-2024-41087 | — | < 5.3.18-150200.24.206.1 | 5.3.18-150200.24.206.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will tri | ||
| CVE-2024-41069 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup() | ||
| CVE-2024-41062 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection | ||
| CVE-2024-41059 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x | ||
| CVE-2024-41090 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev | ||
| CVE-2024-41011 | — | < 5.3.18-150200.24.200.1 | 5.3.18-150200.24.200.1 | Jul 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We re | ||
| CVE-2022-48853 | — | < 5.3.18-150200.24.203.1 | 5.3.18-150200.24.203.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command c |
- CVE-2022-48925Aug 22, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/cma: Do not change route.addr.src_addr outside state checks If the state is not idle then resolve_prepare_src() should immediately fail and no change to global state should happen. However, it unconditiona
- CVE-2022-48919Aug 22, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix double free race when mount fails in cifs_get_root() When cifs_get_root() fails during cifs_smb3_do_mount() we call deactivate_locked_super() which eventually will call delayed_free() which will free
- CVE-2022-48912Aug 22, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: fix use-after-free in __nf_register_net_hook() We must not dereference @new_hooks after nf_hook_mutex has been released, because other threads might have freed our allocated hooks already. BUG: KASA
- CVE-2022-48911Aug 22, 2024affected < 5.3.18-150200.24.206.1fixed 5.3.18-150200.24.206.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_queue: fix possible use-after-free Eric Dumazet says: The sock_hold() side seems suspect, because there is no guarantee that sk_refcnt is not already 0. On failure, we cannot queue the packet
- CVE-2022-48901Aug 22, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: do not start relocation until in progress drops are done We hit a bug with a recovering relocation on mount for one of our file systems in production. I reproduced this locally by injecting errors into
- CVE-2022-48873Aug 21, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Don't remove map on creater_process and device_release Do not remove the map from the list on error path in fastrpc_init_create_process, instead call fastrpc_map_put, to avoid use-after-free. Do
- CVE-2022-48872Aug 21, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: Fix use-after-free race condition for maps It is possible that in between calling fastrpc_map_get() until map->fl->lock is taken in fastrpc_free_map(), another thread can call fastrpc_map_lookup(
- affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: exec: Fix ToCToU between perm check and set-uid/gid usage When opening a file for exec via do_filp_open(), permission checking is done against the file's metadata at that moment, and on success, a file pointer
- CVE-2024-43861Aug 20, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.
- CVE-2024-42271Aug 17, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path
- CVE-2024-42232Aug 7, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re
- CVE-2024-42145Jul 30, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
- CVE-2024-42077Jul 29, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not ta
- CVE-2024-41087Jul 29, 2024affected < 5.3.18-150200.24.206.1fixed 5.3.18-150200.24.206.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will tri
- CVE-2024-41069Jul 29, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup()
- CVE-2024-41062Jul 29, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection
- CVE-2024-41059Jul 29, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x
- CVE-2024-41090Jul 29, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev
- CVE-2024-41011Jul 18, 2024affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We re
- CVE-2022-48853Jul 16, 2024affected < 5.3.18-150200.24.203.1fixed 5.3.18-150200.24.203.1
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command c
Page 4 of 41