suse/kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-ESPOS

Vulnerabilities (2,830)

• CVE-2021-47671Apr 17, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: can: etas_es58x: es58x_rx_err_msg(): fix memory leak in error path In es58x_rx_err_msg(), if can->do_set_mode() fails, the function directly returns without calling netif_rx(skb). This means that the skb previo

• CVE-2025-23138Apr 16, 2025
  affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1

  In the Linux kernel, the following vulnerability has been resolved: watch_queue: fix pipe accounting mismatch Currently, watch_queue_set_size() modifies the pipe buffers charged to user->pipe_bufs without updating the pipe->nr_accounted on the pipe itself, due to the if (!pipe_

• CVE-2025-22097Apr 16, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix use after free and double free on init error If the driver initialization fails, the vkms_exit() function might access an uninitialized or freed default_config pointer and it might double free it.

• CVE-2025-22060Apr 16, 2025
  affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1

  In the Linux kernel, the following vulnerability has been resolved: net: mvpp2: Prevent parser TCAM memory corruption Protect the parser TCAM/SRAM memory, and the cached (shadow) SRAM information, from concurrent modifications. Both the TCAM and SRAM tables are indirectly acce

• CVE-2025-22056Apr 16, 2025
  affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_tunnel: fix geneve_opt type confusion addition When handling multiple NFTA_TUNNEL_KEY_OPTS_GENEVE attributes, the parsing logic should place every geneve_opt structure one by one compactly. Hence

• CVE-2025-22055Apr 16, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: net: fix geneve_opt length integer overflow struct geneve_opt uses 5 bit length for each single option, which means every vary size option should be smaller than 128 bytes. However, all current related Netlink

• CVE-2025-22045Apr 16, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: x86/mm: Fix flush_tlb_range() when used for zapping normal PMDs On the following path, flush_tlb_range() can be used for zapping normal PMD entries (PMD entries that point to page tables) together with the PTE

• CVE-2025-22020Apr 16, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: memstick: rtsx_usb_ms: Fix slab-use-after-free in rtsx_usb_ms_drv_remove This fixes the following crash: ================================================================== BUG: KASAN: slab-use-after-free in rt

• CVE-2025-22004Apr 3, 2025
  affected < 5.14.21-150400.24.164.1fixed 5.14.21-150400.24.164.1

  In the Linux kernel, the following vulnerability has been resolved: net: atm: fix use after free in lec_send() The ->send() operation frees skb so save the length before calling ->send() to avoid a use after free.

• CVE-2025-21999Apr 3, 2025
  affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1

  In the Linux kernel, the following vulnerability has been resolved: proc: fix UAF in proc_get_inode() Fix race between rmmod and /proc/XXX's inode instantiation. The bug is that pde->proc_ops don't belong to /proc, it belongs to a module, therefore dereferencing it after /proc

• CVE-2025-21971Apr 1, 2025
  affected < 5.14.21-150400.24.173.1fixed 5.14.21-150400.24.173.1

  In the Linux kernel, the following vulnerability has been resolved: net_sched: Prevent creation of classes with TC_H_ROOT The function qdisc_tree_reduce_backlog() uses TC_H_ROOT as a termination condition when traversing up the qdisc tree to update parent backlog counters. Howe

• CVE-2023-52975HigMar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during logout when accessing the shost ipaddress Bug report and analysis from Ding Hui. During iSCSI session logout, if another task accesses the shost ipaddress attr, we can get a KAS

• CVE-2023-53033Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: incorrect arithmetics when fetching VLAN header bits If the offset + length goes over the ethernet + vlan header, then the length is adjusted to copy the bytes that are within the bounda

• CVE-2023-53030Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Avoid use of GFP_KERNEL in atomic context Using GFP_KERNEL in preemption disable context, causing below warning when CONFIG_DEBUG_ATOMIC_SLEEP is enabled. [ 32.542271] BUG: sleeping function ca

• CVE-2023-53029Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix the use of GFP_KERNEL in atomic context on rt The commit 4af1b64f80fb ("octeontx2-pf: Fix lmtst ID used in aura free") uses the get/put_cpu() to protect the usage of percpu pointer in ->aura_f

• CVE-2023-53028Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: Revert "wifi: mac80211: fix memory leak in ieee80211_if_add()" This reverts commit 13e5afd3d773c6fc6ca2b89027befaaaa1ea7293. ieee80211_if_free() is already called from free_netdev(ndev) because ndev->priv_dest

• CVE-2023-53026Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/core: Fix ib block iterator counter overflow When registering a new DMA MR after selecting the best aligned page size for it, we iterate over the given sglist to split each entry to smaller, aligned to the

• CVE-2023-53024Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Fix pointer-leak due to insufficient speculative store bypass mitigation To mitigate Spectre v4, 2039f26f3aca ("bpf: Fix leakage due to insufficient speculative store bypass mitigation") inserts lfence ins

• CVE-2023-53023Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: net: nfc: Fix use-after-free in local_cleanup() Fix a use-after-free that occurs in kfree_skb() called from local_cleanup(). This could happen when killing nfc daemon (e.g. neard) after detaching an nfc device.

• CVE-2023-53019Mar 27, 2025
  affected < 5.14.21-150400.24.161.1fixed 5.14.21-150400.24.161.1

  In the Linux kernel, the following vulnerability has been resolved: net: mdio: validate parameter addr in mdiobus_get_phy() The caller may pass any value as addr, what may result in an out-of-bounds access to array mdio_map. One existing case is stmmac_init_phy() that may pass