rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (1,794)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2022-49291	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UA
CVE-2022-49290	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fixed a memory leak on mesh leave / teardown it introduced a potential memory corrup
CVE-2022-49288	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. Th
CVE-2022-49287	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpm_chip The following sequence of operations results in a refcount warning: 1. Open device /dev/tpmrm. 2. Remove module tpm_tis_spi. 3. Write a TPM command to the file d
CVE-2022-49286	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/ exposure of the chip
CVE-2022-49281	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we much make sure t
CVE-2022-49280	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue.
CVE-2022-49275	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in ha
CVE-2022-49272	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->buffer_mutex and the mm->mmap_lock. It was brought by the recent fix to cover the
CVE-2022-49271	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, the following would return
CVE-2022-49264	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus
CVE-2022-49259	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one
CVE-2022-49253	—	< 4.12.14-122.261.1	4.12.14-122.261.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path.
CVE-2022-49248	—	< 4.12.14-122.261.1	4.12.14-122.261.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction") while 'defe
CVE-2022-49247	—	< 4.12.14-122.250.1	4.12.14-122.250.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED If the callback 'start_streaming' fails, then all queued buffers in the driver should be returned with state 'VB2_BUF_STATE_QUEUED
CVE-2022-49235	—	< 4.12.14-122.261.1	4.12.14-122.261.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code
CVE-2022-49232	—	< 4.12.14-122.258.1	4.12.14-122.258.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_
CVE-2022-49226	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd() reads less bytes, than was requested by caller. Since al
CVE-2022-49220	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe nd_pmem && modprobe -r nd_pmem [ 10.060014] BUG dax_cache (Not tainted): Objects remaining in da
CVE-2022-49217	—	< 4.12.14-122.255.1	4.12.14-122.255.1	Feb 26, 2025	In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seein

CVE-2022-49291Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent hw_params and hw_free calls Currently we have neither proper check nor protection against the concurrent calls of PCM hw_params and hw_free ioctls, which may result in a UA
CVE-2022-49290Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: fix potential double free on mesh join While commit 6a01afcf8468 ("mac80211: mesh: Free ie data when leaving mesh") fixed a memory leak on mesh leave / teardown it introduced a potential memory corrup
CVE-2022-49288Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix races among concurrent prealloc proc writes We have no protection against concurrent PCM buffer preallocation changes via proc files, and it may potentially lead to UAF or some weird problem. Th
CVE-2022-49287Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: tpm: fix reference counting for struct tpm_chip The following sequence of operations results in a refcount warning: 1. Open device /dev/tpmrm. 2. Remove module tpm_tis_spi. 3. Write a TPM command to the file d
CVE-2022-49286Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: tpm: use try_get_ops() in tpm-space.c As part of the series conversion to remove nested TPM operations: https://lore.kernel.org/all/20190205224723.19671-1-jarkko.sakkinen@linux.intel.com/ exposure of the chip
CVE-2022-49281Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix handlecache and multiuser In multiuser each individual user has their own tcon structure for the share and thus their own handle for a cached directory. When we umount such a share we much make sure t
CVE-2022-49280Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: prevent underflow in nfssvc_decode_writeargs() Smatch complains: fs/nfsd/nfsxdr.c:341 nfssvc_decode_writeargs() warn: no lower bound on 'args->len' Change the type to unsigned to prevent this issue.
CVE-2022-49275Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: can: m_can: m_can_tx_handler(): fix use after free of skb can_put_echo_skb() will clone skb then free the skb. Move the can_put_echo_skb() for the m_can version 3.0.x directly before the start of the xmit in ha
CVE-2022-49272Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: pcm: Fix potential AB/BA lock with buffer_mutex and mmap_lock syzbot caught a potential deadlock between the PCM runtime->buffer_mutex and the mm->mmap_lock. It was brought by the recent fix to cover the
CVE-2022-49271Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: cifs: prevent bad output lengths in smb2_ioctl_query_info() When calling smb2_ioctl_query_info() with smb_query_info::flags=PASSTHRU_FSCTL and smb_query_info::output_buffer_length=0, the following would return
CVE-2022-49264Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: exec: Force single empty string when argv is empty Quoting[1] Ariadne Conill: "In several other operating systems, it is a hard requirement that the second argument to execve(2) be the name of a program, thus
CVE-2022-49259Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: block: don't delete queue kobject before its children kobjects aren't supposed to be deleted before their child kobjects are deleted. Apparently this is usually benign; however, a WARN will be triggered if one
CVE-2022-49253Feb 26, 2025
affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: media: usb: go7007: s2250-board: fix leak in probe() Call i2c_unregister_device(audio) on this error path.
CVE-2022-49248Feb 26, 2025
affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: fix uninitialized flag for AV/C deferred transaction AV/C deferred transaction was supported at a commit 00a7bb81c20f ("ALSA: firewire-lib: Add support for deferred transaction") while 'defe
CVE-2022-49247Feb 26, 2025
affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: media: stk1160: If start stream fails, return buffers with VB2_BUF_STATE_QUEUED If the callback 'start_streaming' fails, then all queued buffers in the driver should be returned with state 'VB2_BUF_STATE_QUEUED
CVE-2022-49235Feb 26, 2025
affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix uninit value bugs Syzbot reported 2 KMSAN bugs in ath9k. All of them are caused by missing field initialization. In htc_connect_service() svc_meta_len and pad are not initialized. Based on code
CVE-2022-49232Feb 26, 2025
affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a NULL pointer dereference in amdgpu_dm_connector_add_common_modes() In amdgpu_dm_connector_add_common_modes(), amdgpu_dm_create_common_mode() is assigned to mode and is passed to drm_mode_
CVE-2022-49226Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: net: asix: add proper error handling of usb read errors Syzbot once again hit uninit value in asix driver. The problem still the same -- asix_read_cmd() reads less bytes, than was requested by caller. Since al
CVE-2022-49220Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: dax: make sure inodes are flushed before destroy cache A bug can be triggered by following command $ modprobe nd_pmem && modprobe -r nd_pmem [ 10.060014] BUG dax_cache (Not tainted): Objects remaining in da
CVE-2022-49217Feb 26, 2025
affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix abort all task initialization In pm80xx_send_abort_all(), the n_elem field of the ccb used is not initialized to 0. This missing initialization sometimes lead to the task completion path seein

Page 63 of 90