VYPR

rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server 15 SP3-LTSS

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS

Vulnerabilities (1,483)

  • CVE-2024-40937Jul 12, 2024
    affected < 5.3.18-150300.59.170.1fixed 5.3.18-150300.59.170.1

    In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags

  • CVE-2024-40910Jul 12, 2024
    affected < 5.3.18-150300.59.174.1fixed 5.3.18-150300.59.174.1

    In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device. However, the execution path for accep

  • CVE-2024-39494Jul 12, 2024
    affected < 5.3.18-150300.59.170.1fixed 5.3.18-150300.59.170.1

    In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its paren

  • CVE-2023-52340Jul 5, 2024
    affected < 5.3.18-150300.59.153.2fixed 5.3.18-150300.59.153.2

    The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

  • CVE-2021-4439Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta

  • CVE-2022-48771Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use

  • CVE-2022-48768Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: tracing/histogram: Fix a potential memory leak for kstrdup() kfree() is missing on an error path to free the memory allocated by kstrdup(): p = param = kstrdup(data->params[i], GFP_KERNEL); So it is better

  • CVE-2022-48767Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: ceph: properly put ceph_string reference after async create attempt The reference acquired by try_prep_async_create is currently leaked. Ensure we put it.

  • CVE-2022-48760Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR

  • CVE-2022-48759Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: rpmsg: char: Fix race between the release of rpmsg_ctrldev and cdev struct rpmsg_ctrldev contains a struct cdev. The current code frees the rpmsg_ctrldev struct in rpmsg_ctrldev_release_device(), but the cdev i

  • CVE-2022-48758Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: bnx2fc: Flush destroy_work queue before calling bnx2fc_interface_put() The bnx2fc_destroy() functions are removing the interface before calling destroy_work. This results multiple WARNings from sysfs_remo

  • CVE-2022-48756Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/dsi: invalid parameter check in msm_dsi_phy_enable The function performs a check on the "phy" input parameter, however, it is used before the check. Initialize the "dev" variable after the sanity check

  • CVE-2022-48754Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: phylib: fix potential use-after-free Commit bafbdd527d56 ("phylib: Add device reset GPIO support") added call to phy_device_reset(phydev) after the put_device() call in phy_detach(). The comment before the put

  • CVE-2022-48752Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: powerpc/perf: Fix power_pmu_disable to call clear_pmi_irq_pending only if PMI is pending Running selftest with CONFIG_PPC_IRQ_SOFT_MASK_DEBUG enabled in kernel triggered below warning: [ 172.851380] ---------

  • CVE-2022-48749Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: invalid parameter check in dpu_setup_dspp_pcc The function performs a check on the "ctx" input parameter, however, it is used before the check. Initialize the "base" variable after the sanity chec

  • CVE-2022-48748Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: net: bridge: vlan: fix memory leak in __allowed_ingress When using per-vlan state, if vlan snooping and stats are disabled, untagged or priority-tagged ingress frame will go to check pvid state. If the port sta

  • CVE-2022-48747Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: block: Fix wrong offset in bio_truncate() bio_truncate() clears the buffer outside of last block of bdev, however current bio_truncate() is using the wrong offset of page. So it can return the uninitialized dat

  • CVE-2022-48746Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix handling of wrong devices during bond netevent Current implementation of bond netevent handler only check if the handled netdev is VF representor and it missing a check if the VF representor is o

  • CVE-2022-48738Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Reject out of bounds values in snd_soc_put_volsw() We don't currently validate that the values being set are within the range we advertised to userspace as being valid, do so and reject any values th

  • CVE-2022-48732Jun 20, 2024
    affected < 5.3.18-150300.59.167.1fixed 5.3.18-150300.59.167.1

    In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix off by one in BIOS boundary checking Bounds checking when parsing init scripts embedded in the BIOS reject access to the last byte. This causes driver initialization to fail on Apple eMac's wit

Page 38 of 75