VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 11 SP4 LTSS EXTREME CORE

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4%20LTSS%20EXTREME%20CORE

Vulnerabilities (253)

  • CVE-2022-49733Mar 2, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: oss: Fix race at SNDCTL_DSP_SYNC There is a small race window at snd_pcm_oss_sync() that is called from OSS PCM SNDCTL_DSP_SYNC ioctl; namely the function calls snd_pcm_oss_make_ready() at first, the

  • CVE-2025-21772HigFeb 27, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: partitions: mac: fix handling of bogus partition table Fix several issues in partition probing: - The bailout for a bad partoffset must use put_dev_sector(), since the preceding read_part_sector() succeede

  • CVE-2024-57996MedFeb 27, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixe

  • CVE-2025-21738Feb 27, 2025
    affected < 3.0.101-108.204.1fixed 3.0.101-108.204.1

    In the Linux kernel, the following vulnerability has been resolved: ata: libata-sff: Ensure that we cannot write outside the allocated buffer reveliofuzzing reported that a SCSI_IOCTL_SEND_COMMAND ioctl with out_len set to 0xd42, SCSI command set to ATA_16 PASS-THROUGH, ATA com

  • CVE-2025-21718Feb 27, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: net: rose: fix timer races against user threads Rose timers only acquire the socket spinlock, without checking if the socket is owned by one user thread. Add a check and rearm the timers if needed. BUG: KASAN

  • CVE-2022-49545Feb 26, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Cancel pending work at closing a MIDI substream At closing a USB MIDI output substream, there might be still a pending work, which would eventually access the rawmidi runtime object that is bei

  • CVE-2022-49291Feb 26, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UA

  • CVE-2022-49288Feb 26, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. Th

  • CVE-2022-49272Feb 26, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->buffer_mutex and the mm->mmap_lock. It was brought by the recent fix to cover the

  • CVE-2021-47633Feb 26, 2025
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: ath5k: fix OOB in ath5k_eeprom_read_pcal_info_5111 The bug was found during fuzzing. Stacktrace locates it in ath5k_eeprom_convert_pcal_info_5111. When none of the curve is selected in the loop, idx can go up t

  • CVE-2025-21702HigFeb 18, 2025
    affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1

    In the Linux kernel, the following vulnerability has been resolved: pfifo_tail_enqueue: Drop new packet when sch->limit == 0 Expected behaviour: In case we reach scheduler's limit, pfifo_tail_enqueue() will drop a packet in scheduler's queue and decrease scheduler's qlen by one

  • CVE-2025-21700Feb 13, 2025
    affected < 3.0.101-108.183.1fixed 3.0.101-108.183.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation with the following script Step 1. create root qdisc

  • CVE-2024-57893Jan 15, 2025
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: oss: Fix races at processing SysEx messages OSS sequencer handles the SysEx messages split in 6 bytes packets, and ALSA sequencer OSS layer tries to combine those. It stores the data in the internal

  • CVE-2024-57850Jan 11, 2025
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: jffs2: Prevent rtime decompress memory corruption The rtime decompression routine does not fully check bounds during the entirety of the decompression pass and can corrupt memory outside the decompression buffe

  • CVE-2024-56759Jan 6, 2025
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix use-after-free when COWing tree bock and tracing is enabled When a COWing a tree block, at btrfs_cow_block(), and we have the tracepoint trace_btrfs_cow_block() enabled and preemption is also enabled

  • CVE-2024-56658Dec 27, 2024
    affected < 3.0.101-108.180.1fixed 3.0.101-108.180.1

    In the Linux kernel, the following vulnerability has been resolved: net: defer final 'struct net' free in netns dismantle Ilya reported a slab-use-after-free in dst_destroy [1] Issue is in xfrm6_net_init() and xfrm4_net_init() : They copy xfrm[46]_dst_ops_template into net->x

  • CVE-2024-56650Dec 27, 2024
    affected < 3.0.101-108.177.1fixed 3.0.101-108.177.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: x_tables: fix LED ID check in led_tg_check() Syzbot has reported the following BUG detected by KASAN: BUG: KASAN: slab-out-of-bounds in strlen+0x58/0x70 Read of size 1 at addr ffff8881022da0c8 by ta

  • CVE-2024-56619Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential out-of-bounds memory access in nilfs_find_entry() Syzbot reported that when searching for records in a directory where the inode's i_size is corrupted and has a large value, memory access

  • CVE-2024-56605Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: do not leave dangling sk pointer on error in l2cap_sock_create() bt_sock_alloc() allocates the sk object and attaches it to the provided sock object. On error l2cap_sock_alloc() frees the sk o

  • CVE-2024-56604Dec 27, 2024
    affected < 3.0.101-108.174.1fixed 3.0.101-108.174.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: avoid leaving dangling sk pointer in rfcomm_sock_alloc() bt_sock_alloc() attaches allocated sk object to the provided sock object. If rfcomm_dlc_alloc() fails, we release the sk object, but l

Page 3 of 13