rpm package
suse/kernel-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,678)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48985 | — | < 5.3.18-150300.194.1 | 5.3.18-150300.194.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_don | ||
| CVE-2022-48970 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not h | ||
| CVE-2022-48967 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nf | ||
| CVE-2022-48962 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. | ||
| CVE-2022-48960 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free. | ||
| CVE-2022-48956 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use | ||
| CVE-2022-48947 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this | ||
| CVE-2024-50047 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt | ||
| CVE-2024-49991 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set | ||
| CVE-2024-49982 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of d | ||
| CVE-2024-49974 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimit | ||
| CVE-2024-49969 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color ma | ||
| CVE-2024-49936 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is call | ||
| CVE-2024-49925 | — | < 5.3.18-150300.194.1 | 5.3.18-150300.194.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UA | ||
| CVE-2024-49867 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the k | ||
| CVE-2024-47747 | Hig | 7.0 | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once t | |
| CVE-2024-49860 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory. | ||
| CVE-2024-47706 | Med | 5.5 | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | Λ | Λ | Λ | | | |
| CVE-2024-47684 | Med | 5.5 | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_r | |
| CVE-2024-47674 | — | < 5.3.18-150300.191.1 | 5.3.18-150300.191.1 | Oct 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it |
- CVE-2022-48985Oct 21, 2024affected < 5.3.18-150300.194.1fixed 5.3.18-150300.194.1
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_don
- CVE-2022-48970Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: af_unix: Get user_ns from in_skb in unix_diag_get_exact(). Wei Chen reported a NULL deref in sk_user_ns() [0][1], and Paolo diagnosed the root cause: in unix_diag_get_exact(), the newly allocated skb does not h
- CVE-2022-48967Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: Bounds check struct nfc_target arrays While running under CONFIG_FORTIFY_SOURCE=y, syzkaller reported: memcpy: detected field-spanning write (size 129) of single field "target->sensf_res" at net/nf
- CVE-2022-48962Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hisi_femac_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.
- CVE-2022-48960Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: net: hisilicon: Fix potential use-after-free in hix5hd2_rx() The skb is delivered to napi_gro_receive() which may free it, after calling this, dereferencing skb may trigger use-after-free.
- CVE-2022-48956Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: avoid use-after-free in ip6_fragment() Blamed commit claimed rcu_read_lock() was held by ip6_fragment() callers. It seems to not be always true, at least for UDP stack. syzbot reported: BUG: KASAN: use
- CVE-2022-48947Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix u8 overflow By keep sending L2CAP_CONF_REQ packets, chan->num_conf_rsp increases multiple times and eventually it will wrap around the maximum number (i.e., 255). This patch prevents this
- CVE-2024-50047Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix UAF in async decryption Doing an async decryption (large read) crashes with a slab-use-after-free way down in the crypto API. Reproducer: # mount.cifs -o ...,seal,esize=1 //srv/share /mnt
- CVE-2024-49991Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set
- CVE-2024-49982Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of d
- CVE-2024-49974Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimit
- CVE-2024-49969Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color ma
- CVE-2024-49936Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is call
- CVE-2024-49925Oct 21, 2024affected < 5.3.18-150300.194.1fixed 5.3.18-150300.194.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UA
- CVE-2024-49867Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: wait for fixup workers before stopping cleaner kthread during umount During unmount, at close_ctree(), we have the following steps in this order: 1) Park the cleaner kthread - this doesn't destroy the k
- affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: net: seeq: Fix use after free vulnerability in ether3 Driver Due to Race Condition In the ether3_probe function, a timer is initialized with a callback function ether3_ledoff, bound to &prev(dev)->timer. Once t
- CVE-2024-49860Oct 21, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of _STR method Only buffer objects are valid return values of _STR. If something else is returned description_show() will access invalid memory.
- affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible UAF for bfqq->bic with merge chain 1) initial state, three tasks: Process 1 Process 2 Process 3 (BIC1) (BIC2) (BIC3) | Λ | Λ | Λ | |
- affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: tcp: check skb is non-NULL in tcp_rto_delta_us() We have some machines running stock Ubuntu 20.04.6 which is their 5.4.0-174-generic kernel that are running ceph and recently hit a null ptr dereference in tcp_r
- CVE-2024-47674Oct 15, 2024affected < 5.3.18-150300.191.1fixed 5.3.18-150300.191.1
In the Linux kernel, the following vulnerability has been resolved: mm: avoid leaving partial pfn mappings around in error case As Jann points out, PFN mappings are special, because unlike normal memory mappings, there is no lifetime information associated with the mapping - it
Page 38 of 84