rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Vulnerabilities (1,794)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-49111	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP
CVE-2022-49109	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash for the given vino, and return a reference to it. If new is non-NULL, its referen
CVE-2022-49107	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false.
CVE-2022-49100	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: virtio_console: eliminate anonymous module_init & module_exit Eliminate anonymous module_init() and module_exit(), which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an init
CVE-2022-49098	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as modul
CVE-2022-49095	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap() must be undone. Add th
CVE-2022-49089	—	< 4.12.14-122.250.1	4.12.14-122.250.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts us
CVE-2022-49086	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to
CVE-2022-49085	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will b
CVE-2022-49084	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel pa
CVE-2022-49080	—	< 4.12.14-122.250.1	4.12.14-122.250.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized
CVE-2022-49076	—	< 4.12.14-122.250.1	4.12.14-122.250.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix use-after-free bug for mm struct Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1_mmu_rb_unregister() then drops the l
CVE-2022-49075	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve overflow the qgroup limit We use extent_changeset->bytes_changed in qgroup_reserve_data() to record how many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the bytes_changed
CVE-2022-49074	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling It turns out that our polling of RWP is totally wrong when checking for it in the redistributors, as we test the distributor bit index, whereas it is a different bit
CVE-2022-49066	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ET
CVE-2022-49065	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferred while the sunrpc tracing subsystem is enabled. svc_revisit() sets dr->xprt to NULL, so it can't be
CVE-2022-49060	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without to NULL-check it before. Solve this by checking the pointer before the call to dev_name(
CVE-2022-49059	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed m
CVE-2022-49058	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be
CVE-2022-49055	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the re

CVE-2022-49111Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use after free in hci_send_acl This fixes the following trace caused by receiving HCI_EV_DISCONN_PHY_LINK_COMPLETE which does call hci_conn_del without first checking if conn->type is in fact AMP
CVE-2022-49109Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix inode reference leakage in ceph_get_snapdir() The ceph_get_inode() will search for or insert a new inode into the hash for the given vino, and return a reference to it. If new is non-NULL, its referen
CVE-2022-49107Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ceph: fix memory leak in ceph_readdir when note_last_dentry returns error Reset the last_readdir at the same time, and add a comment explaining why we don't free last_readdir when dir_emit returns false.
CVE-2022-49100Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: virtio_console: eliminate anonymous module_init & module_exit Eliminate anonymous module_init() and module_exit(), which can lead to confusion or ambiguity when reading System.map, crashes/oops/bugs, or an init
CVE-2022-49098Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix potential crash on module unload The vmbus driver relies on the panic notifier infrastructure to perform some operations when a panic event is detected. Since vmbus can be built as modul
CVE-2022-49095Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: zorro7xx: Fix a resource leak in zorro7xx_remove_one() The error handling path of the probe releases a resource that is not freed in the remove function. In some cases, a ioremap() must be undone. Add th
CVE-2022-49089Feb 26, 2025
affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: IB/rdmavt: add lock to call to rvt_error_qp to prevent a race condition The documentation of the function rvt_error_qp says both r_lock and s_lock need to be held when calling that function. It also asserts us
CVE-2022-49086Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix leak of nested actions While parsing user-provided actions, openvswitch module may dynamically allocate memory and store pointers in the internal copy of the actions. So this memory has to
CVE-2022-49085Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: drbd: Fix five use after free bugs in get_initial_state In get_initial_state, it calls notify_initial_state_done(skb,..) if cb->args[5]==1. If genlmsg_put() failed in notify_initial_state_done(), the skb will b
CVE-2022-49084Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: qede: confirm skb is allocated before using qede_build_skb() assumes build_skb() always works and goes straight to skb_reserve(). However, build_skb() can fail under memory pressure. This results in a kernel pa
CVE-2022-49080Feb 26, 2025
affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: mm/mempolicy: fix mpol_new leak in shared_policy_replace If mpol_new is allocated but not used in restart loop, mpol_new will be freed via mpol_put before returning to the caller. But refcnt is not initialized
CVE-2022-49076Feb 26, 2025
affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: Fix use-after-free bug for mm struct Under certain conditions, such as MPI_Abort, the hfi1 cleanup code may represent the last reference held on the task mm. hfi1_mmu_rb_unregister() then drops the l
CVE-2022-49075Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix qgroup reserve overflow the qgroup limit We use extent_changeset->bytes_changed in qgroup_reserve_data() to record how many bytes we set for EXTENT_QGROUP_RESERVED state. Currently the bytes_changed
CVE-2022-49074Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: irqchip/gic-v3: Fix GICR_CTLR.RWP polling It turns out that our polling of RWP is totally wrong when checking for it in the redistributors, as we test the *distributor* bit index, whereas it is a different bit
CVE-2022-49066Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: veth: Ensure eth header is in skb's linear part After feeding a decapsulated packet to a veth device with act_mirred, skb_headlen() may be 0. But veth_xmit() calls __dev_forward_skb(), which expects at least ET
CVE-2022-49065Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix the svc_deferred_event trace class Fix a NULL deref crash that occurs when an svc_rqst is deferred while the sunrpc tracing subsystem is enabled. svc_revisit() sets dr->xprt to NULL, so it can't be
CVE-2022-49060Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: Fix NULL pointer dereference in smc_pnet_find_ib() dev_name() was called with dev.parent as argument but without to NULL-check it before. Solve this by checking the pointer before the call to dev_name(
CVE-2022-49059Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: add flush_workqueue to prevent uaf Our detector found a concurrent use-after-free bug when detaching an NCI device. The main reason for this bug is the unexpected scheduling between the used delayed m
CVE-2022-49058Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: cifs: potential buffer overflow in handling symlinks Smatch printed a warning: arch/x86/crypto/poly1305_glue.c:198 poly1305_update_arch() error: __memcpy() 'dctx->buf' too small (16 vs u32max) It's caused be
CVE-2022-49055Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmalloc_array() As the kmalloc_array() may return null, the 'event_waiters[i].wait' would lead to null-pointer dereference. Therefore, it is better to check the re

Page 66 of 90