rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.1
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.1
Vulnerabilities (1,237)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42271 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path | ||
| CVE-2024-42232 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Aug 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re | ||
| CVE-2024-42145 | — | < 5.3.18-150300.178.1 | 5.3.18-150300.178.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra | ||
| CVE-2024-42077 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not ta | ||
| CVE-2024-41087 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will tri | ||
| CVE-2024-41069 | — | < 5.3.18-150300.178.1 | 5.3.18-150300.178.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup() | ||
| CVE-2024-41062 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection | ||
| CVE-2024-41059 | — | < 5.3.18-150300.178.1 | 5.3.18-150300.178.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x | ||
| CVE-2024-41090 | — | < 5.3.18-150300.178.1 | 5.3.18-150300.178.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev | ||
| CVE-2024-41011 | — | < 5.3.18-150300.178.1 | 5.3.18-150300.178.1 | Jul 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We re | ||
| CVE-2024-41009 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun | ||
| CVE-2022-48858 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix a race on command flush flow Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entr | ||
| CVE-2022-48857 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is in missing usb_kill_urb() calls on error handling path of ->probe function. port100_se | ||
| CVE-2022-48856 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_no | ||
| CVE-2022-48853 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command c | ||
| CVE-2022-48851 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: staging: gdm724x: fix use after free in gdm_lte_rx() The netif_rx_ni() function frees the skb so we can't dereference it to save the skb->len. | ||
| CVE-2022-48839 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[] | ||
| CVE-2022-48838 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at | ||
| CVE-2022-48837 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow. | ||
| CVE-2022-48836 | — | < 5.3.18-150300.181.2 | 5.3.18-150300.181.2 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint. |
- CVE-2024-42271Aug 17, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: net/iucv: fix use after free in iucv_sock_close() iucv_sever_path() is called from process context and from bh context. iucv->path is used as indicator whether somebody else is taking care of severing the path
- CVE-2024-42232Aug 7, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re
- CVE-2024-42145Jul 30, 2024affected < 5.3.18-150300.178.1fixed 5.3.18-150300.178.1
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
- CVE-2024-42077Jul 29, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix DIO failure due to insufficient transaction credits The code in ocfs2_dio_end_io_write() estimates number of necessary transaction credits using ocfs2_calc_extend_credits(). This however does not ta
- CVE-2024-41087Jul 29, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Fix double free on error If e.g. the ata_port_alloc() call in ata_host_alloc() fails, we will jump to the err_out label, which will call devres_release_group(). devres_release_group() will tri
- CVE-2024-41069Jul 29, 2024affected < 5.3.18-150300.178.1fixed 5.3.18-150300.178.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: topology: Fix references to freed memory Most users after parsing a topology file, release memory used by it, so having pointer references directly into topology file contents is wrong. Use devm_kmemdup()
- CVE-2024-41062Jul 29, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: bluetooth/l2cap: sync sock recv cb and release The problem occurs between the system call to close the sock and hci_rx_work, where the former releases the sock and the latter accesses it without lock protection
- CVE-2024-41059Jul 29, 2024affected < 5.3.18-150300.178.1fixed 5.3.18-150300.178.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x
- CVE-2024-41090Jul 29, 2024affected < 5.3.18-150300.178.1fixed 5.3.18-150300.178.1
In the Linux kernel, the following vulnerability has been resolved: tap: add missing verification for short frame The cited commit missed to check against the validity of the frame length in the tap_get_user_xdp() path, which could cause a corrupted skb to be sent downstack. Ev
- CVE-2024-41011Jul 18, 2024affected < 5.3.18-150300.178.1fixed 5.3.18-150300.178.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: don't allow mapping the MMIO HDP page with large pages We don't get the right offset in that case. The GPU has an unused 4K area of the register BAR space into which you can remap registers. We re
- CVE-2024-41009Jul 17, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix overrunning reservations in ringbuf The BPF ring buffer internally is implemented as a power-of-2 sized circular buffer, with two logical and ever-increasing counters: consumer_pos is the consumer coun
- CVE-2022-48858Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix a race on command flush flow Fix a refcount use after free warning due to a race on command entry. Such race occurs when one of the commands releases its last refcount and frees its index and entr
- CVE-2022-48857Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: NFC: port100: fix use-after-free in port100_send_complete Syzbot reported UAF in port100_send_complete(). The root case is in missing usb_kill_urb() calls on error handling path of ->probe function. port100_se
- CVE-2022-48856Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: gianfar: ethtool: Fix refcount leak in gfar_get_ts_info The of_find_compatible_node() function returns a node pointer with refcount incremented, We should use of_node_put() on it when done Add the missing of_no
- CVE-2022-48853Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: swiotlb: fix info leak with DMA_FROM_DEVICE The problem I'm addressing was discovered by the LTP test covering cve-2018-1000204. A short description of what happens follows: 1) The test case issues a command c
- CVE-2022-48851Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: staging: gdm724x: fix use after free in gdm_lte_rx() The netif_rx_ni() function frees the skb so we can't dereference it to save the skb->len.
- CVE-2022-48839Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: net/packet: fix slab-out-of-bounds access in packet_recvmsg() syzbot found that when an AF_PACKET socket is using PACKET_COPY_THRESH and mmap operations, tpacket_rcv() is queueing skbs with garbage in skb->cb[]
- CVE-2022-48838Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: Fix use-after-free bug by not setting udc->dev.driver The syzbot fuzzer found a use-after-free bug: BUG: KASAN: use-after-free in dev_uevent+0x712/0x780 drivers/base/core.c:2320 Read of size 8 at
- CVE-2022-48837Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: rndis: prevent integer overflow in rndis_set_response() If "BufOffset" is very large the "BufOffset + 8" operation can have an integer overflow.
- CVE-2022-48836Jul 16, 2024affected < 5.3.18-150300.181.2fixed 5.3.18-150300.181.2
In the Linux kernel, the following vulnerability has been resolved: Input: aiptek - properly check endpoint type Syzbot reported warning in usb_submit_urb() which is caused by wrong endpoint type. There was a check for the number of endpoints, but not for the type of endpoint.
Page 33 of 62