rpm package
suse/kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP4-LTSS
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP4-LTSS
Vulnerabilities (2,830)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52873 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52872 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data que | ||
| CVE-2023-52871 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if | ||
| CVE-2023-52870 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52868 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow. | ||
| CVE-2023-52867 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access. | ||
| CVE-2023-52865 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52864 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi | ||
| CVE-2023-52858 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference. | ||
| CVE-2023-52856 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only | ||
| CVE-2023-52855 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue(): | ||
| CVE-2023-52854 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0 | ||
| CVE-2023-52853 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ | ||
| CVE-2023-52847 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_dele | ||
| CVE-2023-52846 | — | < 5.14.21-150400.24.125.1 | 5.14.21-150400.24.125.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb. | ||
| CVE-2023-52844 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. | ||
| CVE-2023-52841 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Add check and kfree for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. Moreover, use kfree() in the later err | ||
| CVE-2023-52840 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free. | ||
| CVE-2023-52838 | — | < 5.14.21-150400.24.122.1 | 5.14.21-150400.24.122.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs). | ||
| CVE-2023-52837 | — | < 5.14.21-150400.24.125.1 | 5.14.21-150400.24.125.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered |
- CVE-2023-52873May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6779: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52872May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: fix race condition in status line change on dead connections gsm_cleanup_mux() cleans up the gsm by closing all DLCIs, stopping all timers, removing the virtual tty devices and clearing the data que
- CVE-2023-52871May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: llcc: Handle a second device without data corruption Usually there is only one llcc device. But if there were a second, even a failed probe call would modify the global drv_data pointer. So check if
- CVE-2023-52870May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6765: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52868May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: thermal: core: prevent potential string overflow The dev->id value comes from ida_alloc() so it's a number between zero and INT_MAX. If it's too high then these sprintf()s will overflow.
- CVE-2023-52867May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: possible buffer overflow Buffer 'afmt_status' of size 6 could overflow, since index 'afmt_idx' is checked after access.
- CVE-2023-52865May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt6797: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52864May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: wmi: Fix opening of char device Since commit fa1f68db6ca7 ("drivers: misc: pass miscdevice pointer via file private data"), the miscdevice stores a pointer to itself inside filp->private_data, whi
- CVE-2023-52858May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: clk: mediatek: clk-mt7629: Add check for mtk_alloc_clk_data Add the check for the return value of mtk_alloc_clk_data() in order to avoid NULL pointer dereference.
- CVE-2023-52856May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: lt8912b: Fix crash on bridge detach The lt8912b driver, in its bridge detach function, calls drm_connector_unregister() and drm_connector_cleanup(). drm_connector_unregister() should be called only
- CVE-2023-52855May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc2: fix possible NULL pointer dereference caused by driver concurrency In _dwc2_hcd_urb_enqueue(), "urb->hcpriv = NULL" is executed without holding the lock "hsotg->lock". In _dwc2_hcd_urb_dequeue():
- CVE-2023-52854May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: padata: Fix refcnt handling in padata_free_shell() In a high-load arm64 environment, the pcrypt_aead01 test in LTP can lead to system UAF (Use-After-Free) issues. Due to the lengthy analysis of the pcrypt_aead0
- CVE-2023-52853May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: hid: cp2112: Fix duplicate workqueue initialization Previously the cp2112 driver called INIT_DELAYED_WORK within cp2112_gpio_irq_startup, resulting in duplicate initilizations of the workqueue on subsequent IRQ
- CVE-2023-52847May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: media: bttv: fix use after free error due to btv->timeout timer There may be some a race condition between timer function bttv_irq_timeout and bttv_remove. The timer is setup in probe and there is no timer_dele
- CVE-2023-52846May 21, 2024affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1
In the Linux kernel, the following vulnerability has been resolved: hsr: Prevent use after free in prp_create_tagged_frame() The prp_fill_rct() function can fail. In that situation, it frees the skb and returns NULL. Meanwhile on the success path, it returns the original skb.
- CVE-2023-52844May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: psi: Add check for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference.
- CVE-2023-52841May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: media: vidtv: mux: Add check and kfree for kstrdup Add check for the return value of kstrdup() and return the error if it fails in order to avoid NULL pointer dereference. Moreover, use kfree() in the later err
- CVE-2023-52840May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: Input: synaptics-rmi4 - fix use after free in rmi_unregister_function() The put_device() calls rmi_release_function() which frees "fn" so the dereference on the next line "fn->num_of_irqs" is a use after free.
- CVE-2023-52838May 21, 2024affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: imsttfb: fix a resource leak in probe I've re-written the error handling but the bug is that if init_imstt() fails we need to call iounmap(par->cmap_regs).
- CVE-2023-52837May 21, 2024affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1
In the Linux kernel, the following vulnerability has been resolved: nbd: fix uaf in nbd_open Commit 4af5f2e03013 ("nbd: use blk_mq_alloc_disk and blk_cleanup_disk") cleans up disk by blk_cleanup_disk() and it won't set disk->private_data as NULL as before. UAF may be triggered
Page 117 of 142