VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Vulnerabilities (1,483)

  • CVE-2024-50208Nov 8, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (co

  • CVE-2024-50199Nov 8, 2024
    affected < 5.3.18-150300.59.195.1fixed 5.3.18-150300.59.195.1

    In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and

  • CVE-2024-50154Nov 7, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tc

  • CVE-2024-50127HigNov 5, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->curre

  • CVE-2024-50125Nov 5, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list.

  • CVE-2024-50115Nov 5, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc

  • CVE-2023-52919Oct 22, 2024
    affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

    In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference.

  • CVE-2022-49032Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e46

  • CVE-2022-49031Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by ta

  • CVE-2022-49029Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_

  • CVE-2022-49025Oct 21, 2024
    affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix use-after-free when reverting termination table When having multiple dests with termination tables and second one or afterwards fails the driver reverts usage of term tables but doesn't reset the

  • CVE-2022-49023Oct 21, 2024
    affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix buffer overflow in elem comparison For vendor elements, the code here assumes that 5 octets are present without checking. Since the element itself is already checked to fit, we only need to

  • CVE-2022-49022Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-o

  • CVE-2022-49021Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PRE

  • CVE-2022-49019Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for

  • CVE-2022-49015Oct 21, 2024
    affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

    In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free.

  • CVE-2022-49014Oct 21, 2024
    affected < 5.3.18-150300.59.182.1fixed 5.3.18-150300.59.182.1

    In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASA

  • CVE-2022-49011Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen

  • CVE-2022-49010Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that

  • CVE-2022-49006Oct 21, 2024
    affected < 5.3.18-150300.59.185.1fixed 5.3.18-150300.59.185.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available (not currently

Page 32 of 75