rpm package
suse/kernel-rt_debug&distro=SUSE Real Time Module 15 SP5
pkg:rpm/suse/kernel-rt_debug&distro=SUSE%20Real%20Time%20Module%2015%20SP5
Vulnerabilities (2,442)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-36015 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be | ||
| CVE-2024-36014 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that | ||
| CVE-2023-52880 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADM | ||
| CVE-2021-47572 | — | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_crea | ||
| CVE-2021-47571 | — | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that. | ||
| CVE-2021-47569 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkalle | ||
| CVE-2021-47566 | — | < 5.14.21-150500.13.61.1 | 5.14.21-150500.13.61.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has | ||
| CVE-2021-47565 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object | ||
| CVE-2021-47564 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix double free issue on err path fix error path handling in prestera_bridge_port_join() that cases prestera driver to crash (see below). Trace: Internal error: Oops: 96000044 [#1] | ||
| CVE-2021-47563 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue | ||
| CVE-2021-47562 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->tx | ||
| CVE-2021-47560 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not | ||
| CVE-2021-47559 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 o | ||
| CVE-2021-47558 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a k | ||
| CVE-2021-47557 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change(). As a cons | ||
| CVE-2021-47556 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so chang | ||
| CVE-2021-47555 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100 | ||
| CVE-2021-47554 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could happen when an error occurs before initializing the iova_domain in vdpasim_create(). | ||
| CVE-2021-47553 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left ar | ||
| CVE-2021-47552 | — | < 5.14.21-150500.13.58.1 | 5.14.21-150500.13.58.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to canc |
- CVE-2024-36015May 29, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be
- CVE-2024-36014May 29, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: drm/arm/malidp: fix a possible null pointer dereference In malidp_mw_connector_reset, new memory is allocated with kzalloc, but no check is performed. In order to prevent null pointer dereferencing, ensure that
- CVE-2023-52880May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: require CAP_NET_ADMIN to attach N_GSM0710 ldisc Any unprivileged user can attach N_GSM0710 ldisc, but it requires CAP_NET_ADMIN to create a GSM network anyway. Require initial namespace CAP_NET_ADM
- CVE-2021-47572May 24, 2024affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path of nh_crea
- CVE-2021-47571May 24, 2024affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.
- CVE-2021-47569May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: io_uring: fail cancellation for EXITING tasks WARNING: CPU: 1 PID: 20 at fs/io_uring.c:6269 io_try_cancel_userdata+0x3c5/0x640 fs/io_uring.c:6269 CPU: 1 PID: 20 Comm: kworker/1:0 Not tainted 5.16.0-rc1-syzkalle
- CVE-2021-47566May 24, 2024affected < 5.14.21-150500.13.61.1fixed 5.14.21-150500.13.61.1
In the Linux kernel, the following vulnerability has been resolved: proc/vmcore: fix clearing user buffer by properly using clear_user() To clear a user buffer we cannot simply use memset, we have to use clear_user(). With a virtio-mem device that registers a vmcore_cb and has
- CVE-2021-47565May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: scsi: mpt3sas: Fix kernel panic during drive powercycle test While looping over shost's sdev list it is possible that one of the drives is getting removed and its sas_target object is freed but its sdev object
- CVE-2021-47564May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: net: marvell: prestera: fix double free issue on err path fix error path handling in prestera_bridge_port_join() that cases prestera driver to crash (see below). Trace: Internal error: Oops: 96000044 [#1]
- CVE-2021-47563May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: ice: avoid bpf_prog refcount underflow Ice driver has the routines for managing XDP resources that are shared between ndo_bpf op and VSI rebuild flow. The latter takes place for example when user changes queue
- CVE-2021-47562May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: ice: fix vsi->txq_map sizing The approach of having XDP queue per CPU regardless of user's setting exposed a hidden bug that could occur in case when Rx queue count differ from Tx queue count. Currently vsi->tx
- CVE-2021-47560May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Protect driver from buggy firmware When processing port up/down events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not
- CVE-2021-47559May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereferencing in smc_vlan_by_tcpsk() Coverity reports a possible NULL dereferencing problem: in smc_vlan_by_tcpsk(): 6. returned_null: netdev_lower_get_next returns NULL (checked 29 o
- CVE-2021-47558May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: Disable Tx queues when reconfiguring the interface The Tx queues were not disabled in situations where the driver needed to stop the interface to apply a new configuration. This could result in a k
- CVE-2021-47557May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't peek at classes beyond 'nbands' when the number of DRR classes decreases, the round-robin active list can contain elements that have already been freed in ets_qdisc_change(). As a cons
- CVE-2021-47556May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: ethtool: ioctl: fix potential NULL deref in ethtool_set_coalesce() ethtool_set_coalesce() now uses both the .get_coalesce() and .set_coalesce() callbacks. But the check for their availability is buggy, so chang
- CVE-2021-47555May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: net: vlan: fix underflow for the real_dev refcnt Inject error before dev_hold(real_dev) in register_vlan_dev(), and execute the following testcase: ip link add dev dummy1 type dummy ip link add name dummy1.100
- CVE-2021-47554May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: vdpa_sim: avoid putting an uninitialized iova_domain The system will crash if we put an uninitialized iova_domain, this could happen when an error occurs before initializing the iova_domain in vdpasim_create().
- CVE-2021-47553May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in use, poisoned shadow is left ar
- CVE-2021-47552May 24, 2024affected < 5.14.21-150500.13.58.1fixed 5.14.21-150500.13.58.1
In the Linux kernel, the following vulnerability has been resolved: blk-mq: cancel blk-mq dispatch work in both blk_cleanup_queue and disk_release() For avoiding to slow down queue destroy, we don't call blk_mq_quiesce_queue() in blk_cleanup_queue(), instead of delaying to canc
Page 61 of 123