rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (1,486)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52639 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private | ||
| CVE-2024-26659 | Med | 5.5 | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet | |
| CVE-2024-26679 | — | < 4.12.14-122.222.1 | 4.12.14-122.222.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning. | ||
| CVE-2024-26677 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference. | ||
| CVE-2024-26675 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop | ||
| CVE-2024-26671 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_ | ||
| CVE-2023-52635 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from | ||
| CVE-2024-26668 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its be | ||
| CVE-2024-26663 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010: | ||
| CVE-2023-52628 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c | ||
| CVE-2024-26651 | Med | 5.5 | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error. | |
| CVE-2023-52623 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Mar 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 57.202522] WARNING: suspic | ||
| CVE-2023-52622 | — | < 4.12.14-122.222.1 | 4.12.14-122.222.1 | Mar 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir re | ||
| CVE-2021-47180 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xfff | ||
| CVE-2021-47179 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_rang | ||
| CVE-2021-47177 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. | ||
| CVE-2021-47173 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced | ||
| CVE-2021-47171 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [] kmall | ||
| CVE-2021-47169 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if th | ||
| CVE-2021-47168 | — | < 4.12.14-122.216.1 | 4.12.14-122.216.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->dat |
- CVE-2023-52639Apr 3, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private
- affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet
- CVE-2024-26679Apr 2, 2024affected < 4.12.14-122.222.1fixed 4.12.14-122.222.1
In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning.
- CVE-2024-26677Apr 2, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.
- CVE-2024-26675Apr 2, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop
- CVE-2024-26671Apr 2, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_
- CVE-2023-52635Apr 2, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from
- CVE-2024-26668Apr 2, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its be
- CVE-2024-26663Apr 2, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: tipc: Check the bearer type before calling tipc_udp_nl_bearer_add() syzbot reported the following general protection fault [1]: general protection fault, probably for non-canonical address 0xdffffc0000000010:
- CVE-2023-52628Mar 28, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c
- affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: sr9800: Add check for usbnet_get_endpoints Add check for usbnet_get_endpoints() and return the error if it fails in order to transfer the error.
- CVE-2023-52623Mar 26, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a suspicious RCU usage warning I received the following warning while running cthon against an ontap server running pNFS: [ 57.202521] ============================= [ 57.202522] WARNING: suspic
- CVE-2023-52622Mar 26, 2024affected < 4.12.14-122.222.1fixed 4.12.14-122.222.1
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir re
- CVE-2021-47180Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xfff
- CVE-2021-47179Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_rang
- CVE-2021-47177Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors.
- CVE-2021-47173Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced
- CVE-2021-47171Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [] kmall
- CVE-2021-47169Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if th
- CVE-2021-47168Mar 25, 2024affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1
In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->dat
Page 36 of 75