rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server 15 SP3-LTSS
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP3-LTSS
Vulnerabilities (1,483)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47505 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally | ||
| CVE-2021-47503 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010: | ||
| CVE-2021-47502 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: handle channel mappping list correctly Currently each channel is added as list to dai channel list, however there is danger of adding same channel to multiple dai channel list which endup | ||
| CVE-2021-47501 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc When trying to dump VFs VSI RX/TX descriptors using debugfs there was a crash due to NULL pointer dereference in i40e_dbg_dump_desc. Added a check to i40 | ||
| CVE-2021-47500 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference cou | ||
| CVE-2021-47499 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the memory allocated by iio_triggered_buffer_setup() will not be freed | ||
| CVE-2021-47498 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updati | ||
| CVE-2021-47497 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0); will become undefined behavi | ||
| CVE-2021-47496 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance, | ||
| CVE-2021-47495 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo in log and stylistic issues | ||
| CVE-2021-47494 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev, but cfg80211_mgmt_registrations_update() iterated it without holding all the co | ||
| CVE-2021-47493 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix race between searching chunks and release journal_head from buffer_head Encountered a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head() resulting in the below vmcore. | ||
| CVE-2021-47485 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all t | ||
| CVE-2021-47483 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode | ||
| CVE-2021-47482 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling bata | ||
| CVE-2021-47480 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SC | ||
| CVE-2021-47478 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it | ||
| CVE-2021-47473 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change: bsg_j | ||
| CVE-2021-47468 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The followi | ||
| CVE-2021-47465 | — | < 5.3.18-150300.59.164.1 | 5.3.18-150300.59.164.1 | May 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocate |
- CVE-2021-47505May 24, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: aio: fix use-after-free due to missing POLLFREE handling signalfd_poll() and binder_poll() are special in that they use a waitqueue whose lifetime is the current task, rather than the struct file as is normally
- CVE-2021-47503May 24, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm80xx: Do not call scsi_remove_host() in pm8001_alloc() Calling scsi_remove_host() before scsi_add_host() results in a crash: BUG: kernel NULL pointer dereference, address: 0000000000000108 RIP: 0010:
- CVE-2021-47502May 24, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wcd934x: handle channel mappping list correctly Currently each channel is added as list to dai channel list, however there is danger of adding same channel to multiple dai channel list which endup
- CVE-2021-47501May 24, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL pointer dereference in i40e_dbg_dump_desc When trying to dump VFs VSI RX/TX descriptors using debugfs there was a crash due to NULL pointer dereference in i40e_dbg_dump_desc. Added a check to i40
- CVE-2021-47500May 24, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: iio: mma8452: Fix trigger reference couting The mma8452 driver directly assigns a trigger to the struct iio_dev. The IIO core when done using this trigger will call `iio_trigger_put()` to drop the reference cou
- CVE-2021-47499May 24, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: iio: accel: kxcjk-1013: Fix possible memory leak in probe and remove When ACPI type is ACPI_SMO8500, the data->dready_trig will not be set, the memory allocated by iio_triggered_buffer_setup() will not be freed
- CVE-2021-47498May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: dm rq: don't queue request to blk-mq during DM suspend DM uses blk-mq's quiesce/unquiesce to stop/start device mapper queue. But blk-mq's unquiesce may come from outside events, such as elevator switch, updati
- CVE-2021-47497May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: nvmem: Fix shift-out-of-bound (UBSAN) with byte size cells If a cell has 'nbits' equal to a multiple of BITS_PER_BYTE the logic *p &= GENMASK((cell->nbits%BITS_PER_BYTE) - 1, 0); will become undefined behavi
- CVE-2021-47496May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort() calls sk->sk_err appears to expect a positive value, a convention that ktls doesn't always follow and that leads to memory corruption in other code. For instance,
- CVE-2021-47495May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: usbnet: sanity check for maxpacket maxpacket of 0 makes no sense and oopses as we need to divide by it. Give up. V2: fixed typo in log and stylistic issues
- CVE-2021-47494May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: cfg80211: fix management registrations locking The management registrations locking was broken, the list was locked for each wdev, but cfg80211_mgmt_registrations_update() iterated it without holding all the co
- CVE-2021-47493May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix race between searching chunks and release journal_head from buffer_head Encountered a race between ocfs2_test_bg_bit_allocatable() and jbd2_journal_put_journal_head() resulting in the below vmcore.
- CVE-2021-47485May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: IB/qib: Protect from buffer overflow in struct qib_user_sdma_pkt fields Overflowing either addrlimit or bytes_togo can allow userspace to trigger a buffer overflow of kernel memory. Check for overflows in all t
- CVE-2021-47483May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: regmap: Fix possible double-free in regcache_rbtree_exit() In regcache_rbtree_insert_to_block(), when 'present' realloc failed, the 'blk' which is supposed to assign to 'rbnode->block' will be freed, so 'rbnode
- CVE-2021-47482May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: net: batman-adv: fix error handling Syzbot reported ODEBUG warning in batadv_nc_mesh_free(). The problem was in wrong error handling in batadv_mesh_init(). Before this patch batadv_mesh_init() was calling bata
- CVE-2021-47480May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Put LLD module refcnt after SCSI device is released SCSI host release is triggered when SCSI device is freed. We have to make sure that the low-level device driver module won't be unloaded before SC
- CVE-2021-47478May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using it
- CVE-2021-47473May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix a memory leak in an error path of qla2x00_process_els() Commit 8c0eb596baa5 ("[SCSI] qla2xxx: Fix a memory leak in an error path of qla2x00_process_els()"), intended to change: bsg_j
- CVE-2021-47468May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: Fix sleeping function called from invalid context The driver can call card->isac.release() function from an atomic context. Fix this by calling this function after releasing the lock. The followi
- CVE-2021-47465May 22, 2024affected < 5.3.18-150300.59.164.1fixed 5.3.18-150300.59.164.1
In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocate
Page 42 of 75