rpm package

suse/kernel-rt_debug&distro=SUSE Linux Enterprise Real Time 12 SP5

pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Vulnerabilities (1,429)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-48850		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed.
CVE-2022-48844		—	< 4.12.14-10.203.1	4.12.14-10.203.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents.
CVE-2022-48839		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[]
CVE-2022-48836		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint.
CVE-2022-48829	Med	5.5	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without
CVE-2022-48828	Med	5.5	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS cl
CVE-2022-48827	Hig	7.1	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buffers to > the RPC read layers") on the client, a read of 0xfff is aligned up > to
CVE-2022-48826		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-registering host in "device attach" error path (ex: probe retry) will result in dead
CVE-2022-48823		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen during LOGO processing. [ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued... [ 9
CVE-2022-48822		—	< 4.12.14-10.200.1	4.12.14-10.200.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called from ffs_func_disable as part of composition switch and at the same time ffs_epfile_release get called from userspac
CVE-2022-48811		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in __ibmvnic_open() If __ibmvnic_open() encounters an error such as when setting link state, it calls release_resources() which frees the napi structures needlessly. Instead, have __
CVE-2022-48810		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path ip[6]mr_free_table() can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c (10367) WARNING: CPU: 1 PID: 5890
CVE-2022-48805		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The m
CVE-2022-48804		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer
CVE-2022-48799		—	< 4.12.14-10.203.1	4.12.14-10.203.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: perf: Fix list corruption in perf_cgroup_switch() There's list corruption on cgrp_cpuctx_list. This happens on the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sche
CVE-2022-48794		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Fr
CVE-2022-48792		—	< 4.12.14-10.197.1	4.12.14-10.197.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_
CVE-2022-48791		—	< 4.12.14-10.203.1	4.12.14-10.203.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti
CVE-2022-48790		—	< 4.12.14-10.203.1	4.12.14-10.203.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condit
CVE-2022-48789		—	< 4.12.14-10.203.1	4.12.14-10.203.1	Jul 16, 2024	In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in ord

CVE-2022-48850Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: net-sysfs: add check for netdevice being present to speed_show When bringing down the netdevice or system shutdown, a panic can be triggered while accessing the sysfs path because the device is already removed.
CVE-2022-48844Jul 16, 2024
affected < 4.12.14-10.203.1fixed 4.12.14-10.203.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_core: Fix leaking sent_cmd skb sent_cmd memory is not freed before freeing hci_dev causing it to leak it contents.
CVE-2022-48839Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[]
CVE-2022-48836Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint.
CVE-2022-48829MedJul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix NFSv3 SETATTR/CREATE's handling of large file sizes iattr::ia_size is a loff_t, so these NFSv3 procedures must be careful to deal with incoming client size values that are larger than s64_max without
CVE-2022-48828MedJul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow iattr::ia_size is a loff_t, which is a signed 64-bit type. NFSv3 and NFSv4 both define file size as an unsigned 64-bit type. Thus there is a range of valid file size values an NFS cl
CVE-2022-48827HigJul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix the behavior of READ near OFFSET_MAX Dan Aloni reports: > Due to commit 8cfb9015280d ("NFS: Always provide aligned buffers to > the RPC read layers") on the client, a read of 0xfff is aligned up > to
CVE-2022-48826Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: Fix deadlock on DSI device attach error DSI device attach to DSI host will be done with host device's lock held. Un-registering host in "device attach" error path (ex: probe retry) will result in dead
CVE-2022-48823Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Fix refcount issue when LOGO is received during TMF Hung task call trace was seen during LOGO processing. [ 974.309060] [0000:00:00.0]:[qedf_eh_device_reset:868]: 1:0:2:0: LUN RESET Issued... [ 9
CVE-2022-48822Jul 16, 2024
affected < 4.12.14-10.200.1fixed 4.12.14-10.200.1
In the Linux kernel, the following vulnerability has been resolved: usb: f_fs: Fix use-after-free for epfile Consider a case where ffs_func_eps_disable is called from ffs_func_disable as part of composition switch and at the same time ffs_epfile_release get called from userspac
CVE-2022-48811Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: don't release napi in __ibmvnic_open() If __ibmvnic_open() encounters an error such as when setting link state, it calls release_resources() which frees the napi structures needlessly. Instead, have __
CVE-2022-48810Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: ipmr,ip6mr: acquire RTNL before calling ip[6]mr_free_table() on failure path ip[6]mr_free_table() can only be called under RTNL lock. RTNL: assertion failed at net/core/dev.c (10367) WARNING: CPU: 1 PID: 5890
CVE-2022-48805Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: ax88179_178a: Fix out-of-bounds accesses in RX fixup ax88179_rx_fixup() contains several out-of-bounds accesses that can be triggered by a malicious (or defective) USB device, in particular: - The m
CVE-2022-48804Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: vt_ioctl: fix array_index_nospec in vt_setactivate array_index_nospec ensures that an out-of-bounds value is set to zero on the transient path. Decreasing the value by one afterwards causes a transient integer
CVE-2022-48799Jul 16, 2024
affected < 4.12.14-10.203.1fixed 4.12.14-10.203.1
In the Linux kernel, the following vulnerability has been resolved: perf: Fix list corruption in perf_cgroup_switch() There's list corruption on cgrp_cpuctx_list. This happens on the following path: perf_cgroup_switch: list_for_each_entry(cgrp_cpuctx_list) cpu_ctx_sche
CVE-2022-48794Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: net: ieee802154: at86rf230: Stop leaking skb's Upon error the ieee802154_xmit_complete() helper is not called. Only ieee802154_wake_queue() is called manually. In the Tx case we then leak the skb structure. Fr
CVE-2022-48792Jul 16, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted SSP/STP sas_task Currently a use-after-free may occur if a sas_task is aborted by the upper layer before we handle the I/O completion in mpi_ssp_completion() or mpi_
CVE-2022-48791Jul 16, 2024
affected < 4.12.14-10.203.1fixed 4.12.14-10.203.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix use-after-free for aborted TMF sas_task Currently a use-after-free may occur if a TMF sas_task is aborted before we handle the IO completion in mpi_ssp_completion(). The abort occurs due to ti
CVE-2022-48790Jul 16, 2024
affected < 4.12.14-10.203.1fixed 4.12.14-10.203.1
In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condit
CVE-2022-48789Jul 16, 2024
affected < 4.12.14-10.203.1fixed 4.12.14-10.203.1
In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in ord

Page 10 of 72