suse/kernel-source&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-LTSS

Vulnerabilities (2,318)

• CVE-2023-53356Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: usb: gadget: u_serial: Add null pointer check in gserial_suspend Consider a case where gserial_disconnect has already cleared gser->ioport. And if gserial_suspend gets called afterwards, it will lead to accessi

• CVE-2023-53352Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/ttm: check null pointer before accessing when swapping Add a check to avoid null pointer dereference as below: [ 90.002283] general protection fault, probably for non-canonical address 0xdffffc0000000000

• CVE-2023-53349Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: media: ov2740: Fix memleak in ov2740_init_controls() There is a kmemleak when testing the media/i2c/ov2740.c with bpf mock device: unreferenced object 0xffff8881090e19e0 (size 16): comm "51-i2c-ov2740", pid

• CVE-2023-53347Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Handle pairing of E-switch via uplink un/load APIs In case user switch a device from switchdev mode to legacy mode, mlx5 first unpair the E-switch and afterwards unload the uplink vport. From the othe

• CVE-2023-53344Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: can: bcm: bcm_tx_setup(): fix KMSAN uninit-value in vfs_write Syzkaller reported the following issue: ===================================================== BUG: KMSAN: uninit-value in aio_rw_done fs/aio.c:1520

• CVE-2023-53340Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Collect command failures data only for known commands DEVX can issue a general command, which is not used by mlx5 driver. In case such command is failed, mlx5 is trying to collect the failure data, Ho

• CVE-2023-53337Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: nilfs2: do not write dirty data after degenerating to read-only According to syzbot's report, mark_buffer_dirty() called from nilfs_segctor_do_construct() outputs a warning with some patterns after nilfs2 detec

• CVE-2023-53335Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/cxgb4: Fix potential null-ptr-deref in pass_establish() If get_ep_from_tid() fails to lookup non-NULL value for ep, ep is dereferenced later regardless of whether it is empty. This patch adds a simple sani

• CVE-2022-50374Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_{ldisc,serdev}: check percpu_init_rwsem() failure syzbot is reporting NULL pointer dereference at hci_uart_tty_close() [1], for rcu_sync_enter() is called without rcu_sync_init() due to hci_uart_

• CVE-2022-50373Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: fs: dlm: fix race in lowcomms This patch fixes a race between queue_work() in _dlm_lowcomms_commit_msg() and srcu_read_unlock(). The queue_work() can take the final reference of a dlm_msg and so msg->idx can co

• CVE-2022-50372Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: cifs: Fix memory leak when build ntlmssp negotiate blob failed There is a memory leak when mount cifs: unreferenced object 0xffff888166059600 (size 448): comm "mount.cifs", pid 51391, jiffies 4295596373 (

• CVE-2022-50370Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: i2c: designware: Fix handling of real but unexpected device interrupts Commit c7b79a752871 ("mfd: intel-lpss: Add Intel Alder Lake PCH-S PCI IDs") caused a regression on certain Gigabyte motherboards for Intel

• CVE-2022-50369Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/vkms: Fix null-ptr-deref in vkms_release() A null-ptr-deref is triggered when it tries to destroy the workqueue in vkms->output.composer_workq in vkms_release(). KASAN: null-ptr-deref in range [0x00000000

• CVE-2022-50368Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: fix memory corruption with too many bridges Add the missing sanity check on the bridge counter to avoid corrupting data beyond the fixed-sized bridge array in case there are ever more than eight br

• CVE-2022-50367Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: fs: fix UAF/GPF bug in nilfs_mdt_destroy In alloc_inode, inode_init_always() could return -ENOMEM if security_inode_alloc() fails, which causes inode->i_private uninitialized. Then nilfs_is_metadata_file_inode(

• CVE-2022-50364Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: i2c: mux: reg: check return value after calling platform_get_resource() It will cause null-ptr-deref in resource_size(), if platform_get_resource() returns NULL, move calling resource_size() after devm_ioremap_

• CVE-2022-50362Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: dmaengine: hisilicon: Add multi-thread support for a DMA channel When we get a DMA channel and try to use it in multiple threads it will cause oops and hanging the system. % echo 100 > /sys/module/dmatest/para

• CVE-2022-50360Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/dp: fix aux-bus EP lifetime Device-managed resources allocated post component bind must be tied to the lifetime of the aggregate DRM device or they will not necessarily be released when binding of the a

• CVE-2022-50359Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: media: cx88: Fix a null-ptr-deref bug in buffer_prepare() When the driver calls cx88_risc_buffer() to prepare the buffer, the function call may fail, resulting in a empty buffer and null-ptr-deref later in buff

• CVE-2022-50358Sep 17, 2025
  affected < 5.14.21-150500.55.124.1fixed 5.14.21-150500.55.124.1

  In the Linux kernel, the following vulnerability has been resolved: brcmfmac: return error when getting invalid max_flowrings from dongle When firmware hit trap at initialization, host will read abnormal max_flowrings number from dongle, and it will cause kernel panic when doin