rpm package
suse/kernel-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,678)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49977 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix NULL pointer dereference in is_ftrace_trampoline when ftrace is dead ftrace_startup does not remove ops from ftrace_ops_list when ftrace_startup_enable fails: register_ftrace_function ftrace_star |
| CVE-2022-49968 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: ieee802154/adf7242: defer destroy_workqueue call There is a possible race condition (use-after-free) like below (FREE) \| (USE) adf7242_remove \| adf7242_channel cancel_d |
| CVE-2022-49956 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8712: fix use after free bugs _Read/Write_MACREG callbacks are NULL so the read/write_macreg_hdl() functions don't do anything except free the "pcmd" pointer. It results in a use after free. Delet |
| CVE-2022-49954 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: Input: iforce - wake up after clearing IFORCE_XMIT_RUNNING flag syzbot is reporting hung task at __input_unregister_device() [1], for iforce_close() waiting at wait_event_interruptible() with dev->mutex held is |
| CVE-2022-49952 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on probe Add the missing sanity check on the probed-session count to avoid corrupting memory beyond the fixed-size slab-allocated session array when there are more than FAST |
| CVE-2022-49950 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: misc: fastrpc: fix memory corruption on open The probe session-duplication overflow check incremented the session count also when there were no more available sessions so that memory beyond the fixed-size slab- |
| CVE-2022-49948 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: vt: Clear selection before changing the font When changing the console font with ioctl(KDFONTOP) the new font size can be bigger than the previous font. A previous selection may thus now be outside of the new s |
| CVE-2022-49945 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: hwmon: (gpio-fan) Fix array out of bounds access The driver does not check if the cooling state passed to gpio_fan_set_cur_state() exceeds the maximum cooling state as stored in fan_data->num_speeds. Since the |
| CVE-2022-49943 | — | | | < 5.3.18-150300.235.1 | 5.3.18-150300.235.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: Fix obscure lockdep violation for udc_mutex A recent commit expanding the scope of the udc_lock mutex in the gadget core managed to cause an obscure and slightly bizarre lockdep violation. In abbr |
| CVE-2022-49942 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Don't finalize CSA in IBSS mode if state is disconnected When we are not connected to a channel, sending channel "switch" announcement doesn't make any sense. The BSS list is empty in that case |
| CVE-2022-49937 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: mceusb: Use new usb_control_msg_*() routines Automatic kernel fuzzing led to a WARN about invalid pipe direction in the mceusb driver: ------------[ cut here ]------------ usb 6-1: BOGUS control dir, pi |
| CVE-2022-49936 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Prevent nested device-reset calls Automatic kernel fuzzing revealed a recursive locking violation in usb-storage: ============================================ WARNING: possible recursive locking det |
| CVE-2022-49934 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: Fix UAF in ieee80211_scan_rx() ieee80211_scan_rx() tries to access scan_req->flags after a null check, but a UAF is observed when the scan is completed and __ieee80211_scan_completed() executes, |
| CVE-2025-38079 | High | 7.8 | | < 5.3.18-150300.217.1 | 5.3.18-150300.217.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: algif_hash - fix double free in hash_accept If accept(2) is called on socket type algif_hash with MSG_MORE flag set and crypto_ahash_import fails, sk2 is freed. However, it is also freed in af_alg_relea |
| CVE-2025-38068 | — | | | < 5.3.18-150300.232.1 | 5.3.18-150300.232.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: crypto: lzo - Fix compression buffer overrun Unlike the decompression code, the compression code in LZO never checked for output overruns. It instead assumes that the caller always provides enough buffer space |
| CVE-2025-38001 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: "We are writing to report that this recent patch (141d34391abbb315d68556b7c67ad97885407547) [1] can be bypassed, |
| CVE-2025-38000 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | Jun 6, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_hfsc: Fix qlen accounting bug when using peek in hfsc_enqueue() When enqueuing the first packet to an HFSC class, hfsc_enqueue() calls the child qdisc's peek() operation before incrementing sch->q.qlen and |
| CVE-2025-37997 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | May 29, 2025 | In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and |
| CVE-2025-37953 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_deactivate() idempotent Alan reported a NULL pointer dereference in htb_next_rb_node() after we made htb_qlen_notify() idempotent. It turns out in the following case it introduced some regres |
| CVE-2025-37932 | — | | | < 5.3.18-150300.214.1 | 5.3.18-150300.214.1 | May 20, 2025 | In the Linux kernel, the following vulnerability has been resolved: sch_htb: make htb_qlen_notify() idempotent htb_qlen_notify() always deactivates the HTB class and in fact could trigger a warning if it is already deactivated. Therefore, it is not idempotent and not friendly t |