suse/kernel-source&distro=SUSE Linux Enterprise Server 15 SP4-LTSS

Vulnerabilities (2,830)

• CVE-2023-52789May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: tty: vcc: Add check for kstrdup() in vcc_probe() Add check for the return value of kstrdup() and return the error, if it fails in order to avoid NULL pointer dereference.

• CVE-2023-52788May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: i915/perf: Fix NULL deref bugs with drm_dbg() calls When i915 perf interface is not available dereferencing it will lead to NULL dereferences. As returning -ENOTSUPP is pretty clear return when perf interface

• CVE-2023-52781May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: usb: config: fix iteration issue in 'usb_get_bos_descriptor()' The BOS descriptor defines a root descriptor and is the base descriptor for accessing a family of related descriptors. Function 'usb_get_bos_descr

• CVE-2023-52774May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: s390/dasd: protect device queue against concurrent access In dasd_profile_start() the amount of requests on the device queue are counted. The access to the device queue is unprotected against concurrent access.

• CVE-2023-52766May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access wil

• CVE-2023-52764May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: media: gspca: cpia1: shift-out-of-bounds in set_flicker Syzkaller reported the following issue: UBSAN: shift-out-of-bounds in drivers/media/usb/gspca/cpia1.c:1031:27 shift exponent 245 is too large for 32-bit t

• CVE-2023-52763May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: i3c: master: mipi-i3c-hci: Fix a kernel panic for accessing DAT_data. The `i3c_master_bus_init` function may attach the I2C devices before the I3C bus initialization. In this flow, the DAT `alloc_entry`` will b

• CVE-2023-52762May 21, 2024
  affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1

  In the Linux kernel, the following vulnerability has been resolved: virtio-blk: fix implicit overflow on virtio_max_dma_size The following codes have an implicit conversion from size_t to u32: (u32)max_size = (size_t)virtio_max_dma_size(vdev); This may lead overflow, Ex (size_

• CVE-2023-52754May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface imon driver probes two USB interfaces, and at the probe of the second interface, the driver assumes blindly that the first interface got boun

• CVE-2023-52753May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Avoid NULL dereference of timing generator [Why & How] Check whether assigned timing generator is NULL or not before accessing its funcs to prevent NULL dereference.

• CVE-2023-52752May 21, 2024
  affected < 5.14.21-150400.24.125.1fixed 5.14.21-150400.24.125.1

  In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @

• CVE-2022-48710May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: drm/radeon: fix a possible null pointer dereference In radeon_fp_native_mode(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on failure of drm_mode

• CVE-2023-52747May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Restore allocated resources on failed copyout Fix a resource leak if an error occurs.

• CVE-2023-52745May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: IB/IPoIB: Fix legacy IPoIB due to wrong number of queues The cited commit creates child PKEY interfaces over netlink will multiple tx and rx queues, but some devices doesn't support more than 1 tx and 1 rx queu

• CVE-2023-52744May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Fix potential NULL-ptr-dereference in_dev_get() can return NULL which will cause a failure once idev is dereferenced in in_dev_for_each_ifa_rtnl(). This patch adds a check for NULL value in idev bef

• CVE-2023-52743May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: ice: Do not use WQ_MEM_RECLAIM flag for workqueue When both ice and the irdma driver are loaded, a warning in check_flush_dependency is being triggered. This is due to ice driver workqueue being allocated with

• CVE-2023-52742May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb network driver: A zero-length control-OUT transfer was treated as a read instead of a write. In modern kernels thi

• CVE-2023-52741May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: cifs: Fix use-after-free in rdata->read_into_pages() When the network status is unstable, use-after-free may occur when read data from the server. BUG: KASAN: use-after-free in readpages_fill_pages+0x14c/0x7

• CVE-2023-52740May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: powerpc/64s/interrupt: Fix interrupt exit race with security mitigation switch The RFI and STF security mitigation options can flip the interrupt_exit_not_reentrant static branch condition concurrently with the

• CVE-2023-52739May 21, 2024
  affected < 5.14.21-150400.24.122.1fixed 5.14.21-150400.24.122.1

  In the Linux kernel, the following vulnerability has been resolved: Fix page corruption caused by racy check in __free_pages When we upgraded our kernel, we started seeing some page corruption like the following consistently: BUG: Bad page state in process ganesha.nfsd pfn: