rpm package

suse/kernel-source&distro=SUSE Linux Enterprise Server LTSS Extended Security 12 SP5

pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5

Vulnerabilities (1,794)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-52919		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 22, 2024	In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference.
CVE-2023-52918		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 22, 2024	In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwi
CVE-2024-50058	Med	5.5	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the com
CVE-2024-50045	Med	5.5	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_
CVE-2024-50044	Low	3.3	< 4.12.14-122.237.1	4.12.14-122.237.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it caus
CVE-2024-50040	Med	5.5	< 4.12.14-122.293.1	4.12.14-122.293.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung ta
CVE-2024-50039	Med	5.5	< 4.12.14-122.244.1	4.12.14-122.244.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers. Unfortunately syzbot c
CVE-2024-50035	Hig	7.1	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb. BUG
CVE-2024-50033	Hig	7.1	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the size of the packet was at l
CVE-2022-49033		—	< 4.12.14-122.244.1	4.12.14-122.244.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call
CVE-2022-49029		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_
CVE-2022-49028		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fai
CVE-2022-49027		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resourc
CVE-2022-49026		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the s
CVE-2022-49021		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PRE
CVE-2022-49020		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix()
CVE-2022-49015		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free.
CVE-2022-49014		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASA
CVE-2022-49011		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen
CVE-2022-49010		—	< 4.12.14-122.234.1	4.12.14-122.234.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that

CVE-2023-52919Oct 22, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: fix possible NULL pointer dereference in send_acknowledge() Handle memory allocation failure from nci_skb_alloc() (calling alloc_skb()) to avoid possible NULL pointer dereference.
CVE-2023-52918Oct 22, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: check cx23885_vdev_init() return cx23885_vdev_init() can return a NULL pointer, but that pointer is used in the next line without a check. Add a NULL pointer check and go to the error unwi
CVE-2024-50058MedOct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: serial: protect uart_port_dtr_rts() in uart_shutdown() too Commit af224ca2df29 (serial: core: Prevent unsafe uart port access, part 3) added few uport == NULL checks. It added one to uart_shutdown(), so the com
CVE-2024-50045MedOct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: br_netfilter: fix panic with metadata_dst skb Fix a kernel panic in the br_netfilter module when sending untagged traffic via a VxLAN device. This happens during the check for fragmentation in br_nf_
CVE-2024-50044LowOct 21, 2024
affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: FIX possible deadlock in rfcomm_sk_state_change rfcomm_sk_state_change attempts to use sock_lock so it must never be called with it locked but rfcomm_sock_ioctl always attempt to lock it caus
CVE-2024-50040MedOct 21, 2024
affected < 4.12.14-122.293.1fixed 4.12.14-122.293.1
In the Linux kernel, the following vulnerability has been resolved: igb: Do not bring the device up after non-fatal error Commit 004d25060c78 ("igb: Fix igb_down hung on surprise removal") changed igb_io_error_detected() to ignore non-fatal pcie errors in order to avoid hung ta
CVE-2024-50039MedOct 21, 2024
affected < 4.12.14-122.244.1fixed 4.12.14-122.244.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: accept TCA_STAB only for root qdisc Most qdiscs maintain their backlog using qdisc_pkt_len(skb) on the assumption it is invariant between the enqueue() and dequeue() handlers. Unfortunately syzbot c
CVE-2024-50035HigOct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: ppp: fix ppp_async_encode() illegal access syzbot reported an issue in ppp_async_encode() [1] In this case, pppoe_sendmsg() is called with a zero size. Then ppp_async_encode() is called with an empty skb. BUG
CVE-2024-50033HigOct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: slip: make slhc_remember() more robust against malicious packets syzbot found that slhc_remember() was missing checks against malicious packets [1]. slhc_remember() only checked the size of the packet was at l
CVE-2022-49033Oct 21, 2024
affected < 4.12.14-122.244.1fixed 4.12.14-122.244.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix sleep from invalid context bug in btrfs_qgroup_inherit() Syzkaller reported BUG as follows: BUG: sleeping function called from invalid context at include/linux/sched/mm.h:274 Call
CVE-2022-49029Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_
CVE-2022-49028Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: ixgbevf: Fix resource leak in ixgbevf_init_module() ixgbevf_init_module() won't destroy the workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Add destroy_workqueue() in fai
CVE-2022-49027Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: iavf: Fix error handling in iavf_init_module() The iavf_init_module() won't destroy workqueue when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver() failed to prevent the resourc
CVE-2022-49026Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: e100: Fix possible use after free in e100_xmit_prepare In e100_xmit_prepare(), if we can't map the skb, then return -ENOMEM, so e100_xmit_frame() will return NETDEV_TX_BUSY and the upper layer will resend the s
CVE-2022-49021Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PRE
CVE-2022-49020Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: net/9p: Fix a potential socket leak in p9_socket_open Both p9_fd_create_tcp() and p9_fd_create_unix() will call p9_socket_open(). If the creation of p9_trans_fd fails, p9_fd_create_tcp() and p9_fd_create_unix()
CVE-2022-49015Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: net: hsr: Fix potential use-after-free The skb is delivered to netif_rx() which may free it, after calling this, dereferencing skb may trigger use-after-free.
CVE-2022-49014Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: net: tun: Fix use-after-free in tun_detach() syzbot reported use-after-free in tun_detach() [1]. This causes call trace like below: ================================================================== BUG: KASA
CVE-2022-49011Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen
CVE-2022-49010Oct 21, 2024
affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1
In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that

Page 77 of 90