VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 12 SP5-LTSS

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSS

Vulnerabilities (1,794)

  • CVE-2024-44931Aug 26, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an of

  • CVE-2023-52898Aug 21, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: xhci: Fix null pointer dereference when host dies Make sure xhci_free_dev() and xhci_kill_endpoint_urbs() do not race and cause null pointer dereference when host suddenly dies. Usb core may call xhci_free_dev

  • CVE-2022-48875Aug 21, 2024
    affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: sdata can be NULL during AMPDU start ieee80211_tx_ba_session_handle_start() may get NULL for sdata when a deauthentication is ongoing. Here a trace triggering the race with the hostapd test mul

  • CVE-2024-42253Aug 8, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call sit

  • CVE-2024-42114MedJul 30, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_

  • CVE-2024-42229Jul 30, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish t

  • CVE-2024-42145Jul 30, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra

  • CVE-2024-42131Jul 30, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits).

  • CVE-2024-42098Jul 29, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that

  • CVE-2024-41082Jul 29, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-fabrics: use reserved tag for reg read/write command In some scenarios, if too many commands are issued by nvme command in the same time by user tasks, this may exhaust all tags of admin_q. If a reset (nvm

  • CVE-2024-41016MedJul 29, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before me

  • CVE-2024-41013Jul 29, 2024
    affected < 4.12.14-122.244.1fixed 4.12.14-122.244.1

    In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end of a directory data block This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry to make sure don't stray beyond valid memory region. Before patching, the loop simp

  • CVE-2022-48853Jul 16, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command c

  • CVE-2022-48838Jul 16, 2024
    affected < 4.12.14-122.293.1fixed 4.12.14-122.293.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at

  • CVE-2022-48809Jul 16, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: net: fix a memleak when uncloning an skb dst and its metadata When uncloning an skb dst and its associated metadata, a new dst+metadata is allocated and later replaces the old one in the skb. This is helpful to

  • CVE-2022-48790Jul 16, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: nvme: fix a possible use-after-free in controller reset during load Unlike .queue_rq, in .submit_async_event drivers may not check the ctrl readiness for AER submission. This may lead to a use-after-free condit

  • CVE-2022-48789Jul 16, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix possible use-after-free in transport error_recovery work While nvme_tcp_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in ord

  • CVE-2022-48788Jul 16, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: fix possible use-after-free in transport error_recovery work While nvme_rdma_submit_async_event_work is checking the ctrl and queue state before preparing the AER command and scheduling io_work, in o

  • CVE-2024-41007Jul 15, 2024
    affected < 4.12.14-122.293.1fixed 4.12.14-122.293.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: avoid too many retransmit packets If a TCP socket is using TCP_USER_TIMEOUT, and the other peer retracted its window to zero, tcp_retransmit_timer() can retransmit a packet every two jiffies (2 ms for HZ=1

  • CVE-2024-41005MedJul 12, 2024
    affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1

    In the Linux kernel, the following vulnerability has been resolved: netpoll: Fix race condition in netpoll_owner_active KCSAN detected a race condition in netpoll: BUG: KCSAN: data-race in net_rx_action / netpoll_send_skb write (marked) to 0xffff8881164168b0 of 4 bytes by in

Page 84 of 90