rpm package
suse/kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-ESPOS
Vulnerabilities (2,843)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53035 | Hig | 7.1 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space | |
| CVE-2025-37798 | Hig | 7.8 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdi | |
| CVE-2025-37797 | Hig | 7.8 | < 5.14.21-150400.24.170.1 | 5.14.21-150400.24.170.1 | May 2, 2025 | In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc | |
| CVE-2022-49931 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel cra | |
| CVE-2022-49928 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0 Read of size 8 at addr 000000000 | |
| CVE-2022-49927 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfs4: Fix kmemleak when allocate slot failed If one of the slot allocate failed, should cleanup all the other allocated slots, otherwise, the allocated slots will leak: unreferenced object 0xffff8881115aa100 | |
| CVE-2022-49925 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standa | |
| CVE-2022-49924 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdp_nci_send() fdp_nci_send() will call fdp_nci_i2c_write that will not free skb in the function. As a result, when fdp_nci_i2c_write() finished, the skb will memleak. fdp | |
| CVE-2022-49923 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() nxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when nxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write() run succeeds, | |
| CVE-2022-49922 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send() will | |
| CVE-2022-49916 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387] CPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6 | |
| CVE-2022-49915 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_register_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, add put_device() | |
| CVE-2022-49910 | Hig | 7.8 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb) | |
| CVE-2022-49908 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 (size 240): [...] hex | |
| CVE-2022-49906 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets" | |
| CVE-2022-49905 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If it fails, registering of &smc_net_ops won't be rever | |
| CVE-2022-49900 | Hig | 7.8 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not be removed in piix4_remove() In piix4_probe(), the piix4 adapter will be registered in: piix4_probe() piix4_add_adapters_sb800() / piix4_add_adapter() i2c_add_adapter | |
| CVE-2022-49892 | Hig | 7.8 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found from vmcore that perf had registered two ops with the same content successively, both dynamic. | |
| CVE-2022-49891 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path | |
| CVE-2022-49890 | Med | 5.5 | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the mem |
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel-infoleak in nilfs_ioctl_wrap_copy() The ioctl helper function nilfs_ioctl_wrap_copy(), which exchanges a metadata array to/from user space, may copy uninitialized buffer regions to user space
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog() After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdi
- affected < 5.14.21-150400.24.170.1fixed 5.14.21-150400.24.170.1
In the Linux kernel, the following vulnerability has been resolved: net_sched: hfsc: Fix a UAF vulnerability in class handling This patch fixes a Use-After-Free vulnerability in the HFSC qdisc class handling. The issue occurs due to a time-of-check/time-of-use condition in hfsc
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Correctly move list in sc_disable() Commit 13bac861952a ("IB/hfi1: Fix abba locking issue with sc_disable()") incorrectly tries to move a list from one list head to another. The result is a kernel cra
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix null-ptr-deref when xps sysfs alloc failed There is a null-ptr-deref when xps sysfs alloc failed: BUG: KASAN: null-ptr-deref in sysfs_do_create_link_sd+0x40/0xd0 Read of size 8 at addr 000000000
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nfs4: Fix kmemleak when allocate slot failed If one of the slot allocate failed, should cleanup all the other allocated slots, otherwise, the allocated slots will leak: unreferenced object 0xffff8881115aa100
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix null-ptr-deref in ib_core_cleanup() KASAN reported a null-ptr-deref error: KASAN: null-ptr-deref in range [0x0000000000000118-0x000000000000011f] CPU: 1 PID: 379 Hardware name: QEMU Standa
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nfc: fdp: Fix potential memory leak in fdp_nci_send() fdp_nci_send() will call fdp_nci_i2c_write that will not free skb in the function. As a result, when fdp_nci_i2c_write() finished, the skb will memleak. fdp
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nxp-nci: Fix potential memory leak in nxp_nci_send() nxp_nci_send() will call nxp_nci_i2c_write(), and only free skb when nxp_nci_i2c_write() failed. However, even if the nxp_nci_i2c_write() run succeeds,
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nfcmrvl: Fix potential memory leak in nfcmrvl_i2c_nci_send() nfcmrvl_i2c_nci_send() will be called by nfcmrvl_nci_send(), and skb should be freed in nfcmrvl_i2c_nci_send(). However, nfcmrvl_nci_send() will
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: rose: Fix NULL pointer dereference in rose_send_frame() The syzkaller reported an issue: KASAN: null-ptr-deref in range [0x0000000000000380-0x0000000000000387] CPU: 0 PID: 4069 Comm: kworker/0:15 Not tainted 6
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_register_device() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, add put_device()
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix use-after-free caused by l2cap_reassemble_sdu Fix the race condition between the following two flows that run in parallel: 1. l2cap_reassemble_sdu -> chan->ops->recv (l2cap_sock_recv_cb)
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix memory leak in vhci_write Syzkaller reports a memory leak as follows: ==================================== BUG: memory leak unreferenced object 0xffff88810d81ac00 (size 240): [...] hex
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ibmvnic: Free rwi on reset success Free the rwi structure in the event that the last rwi in the list processed successfully. The logic in commit 4f408e1fa6e1 ("ibmvnic: retry reset if there are no other resets"
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix possible leaked pernet namespace in smc_init() In smc_init(), register_pernet_subsys(&smc_net_stat_ops) is called without any error handling. If it fails, registering of &smc_net_ops won't be rever
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: i2c: piix4: Fix adapter not be removed in piix4_remove() In piix4_probe(), the piix4 adapter will be registered in: piix4_probe() piix4_add_adapters_sb800() / piix4_add_adapter() i2c_add_adapter
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix use-after-free for dynamic ftrace_ops KASAN reported a use-after-free with ftrace ops [1]. It was found from vmcore that perf had registered two ops with the same content successively, both dynamic.
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: tracing: kprobe: Fix memory leak in test_gen_kprobe/kretprobe_cmd() test_gen_kprobe_cmd() only free buf in fail path, hence buf will leak when there is no failure. Move kfree(buf) from fail path to common path
- affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: capabilities: fix potential memleak on error path from vfs_getxattr_alloc() In cap_inode_getsecurity(), we will use vfs_getxattr_alloc() to complete the memory allocation of tmpbuf, if we have completed the mem
Page 58 of 143