rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
Vulnerabilities (1,794)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49159 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00_async_iocb_timeout() starts to run it can be preempted by the normal response path (via the firmware | ||
| CVE-2022-49158 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with | ||
| CVE-2022-49157 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS | ||
| CVE-2022-49156 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread to sleep. The thread that originates the call is in interrupt context. The combi | ||
| CVE-2022-49155 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 [ 12.332297] caller is qla2xxx_create_qpair+0x3 | ||
| CVE-2022-49154 | — | < 4.12.14-122.266.1 | 4.12.14-122.266.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 C | ||
| CVE-2022-49151 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. We should check that in endpoint is actually present to prevent this warning. Fou | ||
| CVE-2022-49145 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may n | ||
| CVE-2022-49139 | — | < 4.12.14-122.261.1 | 4.12.14-122.261.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE con | ||
| CVE-2022-49138 | — | < 4.12.14-122.269.1 | 4.12.14-122.269.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to | ||
| CVE-2022-49137 | — | < 4.12.14-122.258.1 | 4.12.14-122.258.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into default case, the function simply ret | ||
| CVE-2022-49135 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix this by adding kfree on the error handling path. | ||
| CVE-2022-49134 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU po | ||
| CVE-2022-49124 | — | < 4.12.14-122.250.1 | 4.12.14-122.250.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1) An uncorrec | ||
| CVE-2022-49122 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to u | ||
| CVE-2022-49121 | — | < 4.12.14-122.258.1 | 4.12.14-122.258.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free | ||
| CVE-2022-49120 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail. | ||
| CVE-2022-49119 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed. | ||
| CVE-2022-49118 | — | < 4.12.14-122.258.1 | 4.12.14-122.258.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in free_irq(), and this will c | ||
| CVE-2022-49114 | — | < 4.12.14-122.255.1 | 4.12.14-122.255.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in the following code, |
- CVE-2022-49159Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Implement ref count for SRB The timeout handler and the done function are racing. When qla2x00_async_iocb_timeout() starts to run it can be preempted by the normal response path (via the firmware
- CVE-2022-49158Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix warning message due to adisc being flushed Fix warning message due to adisc being flushed. Linux kernel triggered a warning message where a different error code type is not matching up with
- CVE-2022-49157Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS
- CVE-2022-49156Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix scheduling while atomic The driver makes a call into midlayer (fc_remote_port_delete) which can put the thread to sleep. The thread that originates the call is in interrupt context. The combi
- CVE-2022-49155Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Suppress a kernel complaint in qla_create_qpair() [ 12.323788] BUG: using smp_processor_id() in preemptible [00000000] code: systemd-udevd/1020 [ 12.332297] caller is qla2xxx_create_qpair+0x3
- CVE-2022-49154Feb 26, 2025affected < 4.12.14-122.266.1fixed 4.12.14-122.266.1
In the Linux kernel, the following vulnerability has been resolved: KVM: SVM: fix panic on out-of-bounds guest IRQ As guest_irq is coming from KVM_IRQFD API call, it may trigger crash in svm_update_pi_irte() due to out-of-bounds: crash> bt PID: 22218 TASK: ffff951a6ad74980 C
- CVE-2022-49151Feb 26, 2025affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: can: mcba_usb: properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. We should check that in endpoint is actually present to prevent this warning. Fou
- CVE-2022-49145Feb 26, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Avoid out of bounds access when parsing _CPC data If the NumEntries field in the _CPC return package is less than 2, do not attempt to access the "Revision" element of that package, because it may n
- CVE-2022-49139Feb 26, 2025affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: fix null ptr deref on hci_sync_conn_complete_evt This event is just specified for SCO and eSCO link types. On the reception of a HCI_Synchronous_Connection_Complete for a BDADDR of an existing LE con
- CVE-2022-49138Feb 26, 2025affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci_event: Ignore multiple conn complete events When one of the three connection complete events is received multiple times for the same handle, the device is registered multiple times which leads to
- CVE-2022-49137Feb 26, 2025affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/amdgpu/amdgpu_cs: fix refcount leak of a dma_fence obj This issue takes place in an error path in amdgpu_cs_fence_to_handle_ioctl(). When `info->in.what` falls into default case, the function simply ret
- CVE-2022-49135Feb 26, 2025affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix memory leak [why] Resource release is needed on the error handling path to prevent memory leak. [how] Fix this by adding kfree on the error handling path.
- CVE-2022-49134Feb 26, 2025affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum: Guard against invalid local ports When processing events generated by the device's firmware, the driver protects itself from events reported for non-existent local ports, but not for the CPU po
- CVE-2022-49124Feb 26, 2025affected < 4.12.14-122.250.1fixed 4.12.14-122.250.1
In the Linux kernel, the following vulnerability has been resolved: x86/mce: Work around an erratum on fast string copy instructions A rare kernel panic scenario can happen when the following conditions are met due to an erratum on fast string copy instructions: 1) An uncorrec
- CVE-2022-49122Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to u
- CVE-2022-49121Feb 26, 2025affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix tag leaks on error In pm8001_chip_set_dev_state_req(), pm8001_chip_fw_flash_update_req(), pm80xx_chip_phy_ctl_req() and pm8001_chip_reg_dev_req() add missing calls to pm8001_tag_free() to free
- CVE-2022-49120Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix task leak in pm8001_send_abort_all() In pm8001_send_abort_all(), make sure to free the allocated sas task if pm8001_tag_alloc() or pm8001_mpi_build_cmd() fail.
- CVE-2022-49119Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: pm8001: Fix memory leak in pm8001_chip_fw_flash_update_req() In pm8001_chip_fw_flash_update_build(), if pm8001_chip_fw_flash_update_build() fails, the struct fw_control_ex allocated must be freed.
- CVE-2022-49118Feb 26, 2025affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1
In the Linux kernel, the following vulnerability has been resolved: scsi: hisi_sas: Free irq vectors in order for v3 HW If the driver probe fails to request the channel IRQ or fatal IRQ, the driver will free the IRQ vectors before freeing the IRQs in free_irq(), and this will c
- CVE-2022-49114Feb 26, 2025affected < 4.12.14-122.255.1fixed 4.12.14-122.255.1
In the Linux kernel, the following vulnerability has been resolved: scsi: libfc: Fix use after free in fc_exch_abts_resp() fc_exch_release(ep) will decrease the ep's reference count. When the reference count reaches zero, it is freed. But ep is still used in the following code,
Page 65 of 90