rpm package
suse/kernel-source&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP4
pkg:rpm/suse/kernel-source&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP4
Vulnerabilities (2,843)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49850 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time: | ||
| CVE-2022-49846 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ====================================================== | ||
| CVE-2022-49845 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele | ||
| CVE-2022-49842 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C | ||
| CVE-2022-49841 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk | ||
| CVE-2022-49839 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem | ||
| CVE-2022-49836 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u | ||
| CVE-2022-49835 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call | ||
| CVE-2022-49834 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is perf | ||
| CVE-2022-49832 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00 | ||
| CVE-2022-49830 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt | ||
| CVE-2022-49827 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm | ||
| CVE-2022-49826 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And t | ||
| CVE-2022-49825 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau | ||
| CVE-2022-49824 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau | ||
| CVE-2022-49823 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because | ||
| CVE-2022-49821 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_dev | ||
| CVE-2022-49818 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize(). | ||
| CVE-2022-49813 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver( | ||
| CVE-2022-49812 | — | < 5.14.21-150400.24.167.1 | 5.14.21-150400.24.167.1 | May 1, 2025 | In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is mark |
- CVE-2022-49850May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix deadlock in nilfs_count_free_blocks() A semaphore deadlock can occur if nilfs_get_block() detects metadata corruption while locating data blocks and a superblock writeback occurs at the same time:
- CVE-2022-49846May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: udf: Fix a slab-out-of-bounds write bug in udf_find_entry() Syzbot reported a slab-out-of-bounds Write bug: loop0: detected capacity change from 0 to 2048 ======================================================
- CVE-2022-49845May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: can: j1939: j1939_send_one(): fix missing CAN header initialization The read access to struct canxl_frame::len inside of a j1939 created skbuff revealed a missing initialization of reserved and later filled ele
- CVE-2022-49842May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: core: Fix use-after-free in snd_soc_exit() KASAN reports a use-after-free: BUG: KASAN: use-after-free in device_del+0xb5b/0xc60 Read of size 8 at addr ffff888008655050 by task rmmod/387 CPU: 2 PID: 387 C
- CVE-2022-49841May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: serial: imx: Add missing .thaw_noirq hook The following warning is seen with non-console UART instance when system hibernates. [ 37.371969] ------------[ cut here ]------------ [ 37.376599] uart3_root_clk
- CVE-2022-49839May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_transport_sas: Fix error handling in sas_phy_add() If transport_add_device() fails in sas_phy_add(), the kernel will crash trying to delete the device in transport_remove_device() called from sas_rem
- CVE-2022-49836May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: siox: fix possible memory leak in siox_device_add() If device_register() returns error in siox_device_add(), the name allocated by dev_set_name() need be freed. As comment of device_register() says, it should u
- CVE-2022-49835May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: hda: fix potential memleak in 'add_widget_node' As 'kobject_add' may allocated memory for 'kobject->name' when return error. And in this function, if call 'kobject_add' failed didn't free kobject. So call
- CVE-2022-49834May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix use-after-free bug of ns_writer on remount If a nilfs2 filesystem is downgraded to read-only due to metadata corruption on disk and is remounted read/write, or if emergency read-only remount is perf
- CVE-2022-49832May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: devicetree: fix null pointer dereferencing in pinctrl_dt_to_map Here is the BUG report by KASAN about null pointer dereference: BUG: KASAN: null-ptr-deref in strcmp+0x2e/0x50 Read of size 1 at addr 00
- CVE-2022-49830May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: drm/drv: Fix potential memory leak in drm_dev_init() drm_dev_init() will add drm_dev_init_release() as a callback. When drmm_add_action() failed, the release function won't be added. As the result, the ref cnt
- CVE-2022-49827May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: drm: Fix potential null-ptr-deref in drm_vblank_destroy_worker() drm_vblank_init() call drmm_add_action_or_reset() with drm_vblank_init_release() as action. If __drmm_add_action() failed, will directly call drm
- CVE-2022-49826May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix double ata_host_put() in ata_tport_add() In the error path in ata_tport_add(), when calling put_device(), ata_tport_release() is called, it will put the refcount of 'ap->host'. And t
- CVE-2022-49825May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tport_add() In ata_tport_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau
- CVE-2022-49824May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tlink_add() In ata_tlink_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, becau
- CVE-2022-49823May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: ata: libata-transport: fix error handling in ata_tdev_add() In ata_tdev_add(), the return value of transport_add_device() is not checked. As a result, it causes null-ptr-deref while removing the module, because
- CVE-2022-49821May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix possible memory leak in mISDN_dsp_element_register() Afer commit 1fa5ae857bb1 ("driver core: get rid of struct device's bus_id string array"), the name of device is allocated dynamically, use put_dev
- CVE-2022-49818May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: mISDN: fix misuse of put_device() in mISDN_register_device() We should not release reference by put_device() before calling device_initialize().
- CVE-2022-49813May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix error handling in ena_init() The ena_init() won't destroy workqueue created by create_singlethread_workqueue() when pci_register_driver() failed. Call destroy_workqueue() when pci_register_driver(
- CVE-2022-49812May 1, 2025affected < 5.14.21-150400.24.167.1fixed 5.14.21-150400.24.167.1
In the Linux kernel, the following vulnerability has been resolved: bridge: switchdev: Fix memory leaks when changing VLAN protocol The bridge driver can offload VLANs to the underlying hardware either via switchdev or the 8021q driver. When the former is used, the VLAN is mark
Page 60 of 143