rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,394)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-49544 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference | ||
| CVE-2022-49542 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_i | ||
| CVE-2022-49541 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799 | ||
| CVE-2022-49537 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf | ||
| CVE-2022-49536 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irq | ||
| CVE-2022-49535 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the | ||
| CVE-2022-49534 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s l | ||
| CVE-2022-49532 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJE | ||
| CVE-2022-49527 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the error handling first calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets core->ops to NULL, | ||
| CVE-2022-49526 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md speical bug. In non-clustered env, | ||
| CVE-2022-49525 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least ' | ||
| CVE-2022-49524 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __proces | ||
| CVE-2022-49522 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and limit the maximum segment size based on the DMA engine's capabilities. Th | ||
| CVE-2022-49521 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by re | ||
| CVE-2022-49517 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount | ||
| CVE-2022-49514 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path. | ||
| CVE-2022-49508 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will | ||
| CVE-2022-49505 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFC: NULL out the dev->rfkill to prevent UAF Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rf | ||
| CVE-2022-49504 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a t | ||
| CVE-2022-49503 | — | < 5.3.18-150300.205.1 | 5.3.18-150300.205.1 | Feb 26, 2025 | In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to ensure that it is within the bitmap. drivers/net/wirele |
- CVE-2022-49544Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: ipw2x00: Fix potential NULL dereference in libipw_xmit() crypt and crypt->ops could be null, so we need to checking null before dereference
- CVE-2022-49542Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Move cfg_log_verbose check before calling lpfc_dmp_dbg() In an attempt to log message 0126 with LOG_TRACE_EVENT, the following hard lockup call trace hangs the system. Call Trace: _raw_spin_lock_i
- CVE-2022-49541Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential double free during failed mount RHBZ: https://bugzilla.redhat.com/show_bug.cgi?id=2088799
- CVE-2022-49537Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix call trace observed during I/O with CMF enabled The following was seen with CMF enabled: BUG: using smp_processor_id() in preemptible code: systemd-udevd/31711 kernel: caller is lpfc_update_cmf
- CVE-2022-49536Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix SCSI I/O completion and abort handler deadlock During stress I/O tests with 500+ vports, hard LOCKUP call traces are observed. CPU A: native_queued_spin_lock_slowpath+0x192 _raw_spin_lock_irq
- CVE-2022-49535Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference after failing to issue FLOGI and PLOGI If lpfc_issue_els_flogi() fails and returns non-zero status, the node reference count is decremented to trigger the release of the
- CVE-2022-49534Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Protect memory leak for NPIV ports sending PLOGI_RJT There is a potential memory leak in lpfc_ignore_els_cmpl() and lpfc_els_rsp_reject() that was allocated from NPIV PLOGI_RJT (lpfc_rcv_plogi()'s l
- CVE-2022-49532Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: fix NULL pointer dereference in virtio_gpu_conn_get_modes drm_cvt_mode may return NULL and we should check it. This bug is found by syzkaller: FAULT_INJECTION stacktrace: [ 168.567394] FAULT_INJE
- CVE-2022-49527Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: hfi: avoid null dereference in deinit If venus_probe fails at pm_runtime_put_sync the error handling first calls hfi_destroy and afterwards hfi_core_deinit. As hfi_destroy sets core->ops to NULL,
- CVE-2022-49526Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: md/bitmap: don't set sb values if can't pass sanity check If bitmap area contains invalid data, kernel will crash then mdadm triggers "Segmentation fault". This is cluster-md speical bug. In non-clustered env,
- CVE-2022-49525Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: media: cx25821: Fix the warning when removing the module When removing the module, we will get the following warning: [ 14.746697] remove_proc_entry: removing non-empty directory 'irq/21', leaking at least '
- CVE-2022-49524Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: media: pci: cx23885: Fix the error handling in cx23885_initdev() When the driver fails to call the dma_set_mask(), the driver will get the following splat: [ 55.853884] BUG: KASAN: use-after-free in __proces
- CVE-2022-49522Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: mmc: jz4740: Apply DMA engine limits to maximum segment size Do what is done in other DMA-enabled MMC host drivers (cf. host/mmci.c) and limit the maximum segment size based on the DMA engine's capabilities. Th
- CVE-2022-49521Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix resource leak in lpfc_sli4_send_seq_to_ulp() If no handler is found in lpfc_complete_unsol_iocb() to match the rctl of a received frame, the frame is dropped and resources are leaked. Fix by re
- CVE-2022-49517Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix missing of_node_put in mt2701_wm8960_machine_probe This node pointer is returned by of_parse_phandle() with refcount incremented in this function. Calling of_node_put() to avoid the refcount
- CVE-2022-49514Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: Fix error handling in mt8173_max98090_dev_probe Call of_node_put(platform_node) to avoid refcount leak in the error path.
- CVE-2022-49508Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: HID: elan: Fix potential double free in elan_input_configured 'input' is a managed resource allocated with devm_input_allocate_device(), so there is no need to call input_free_device() explicitly or there will
- CVE-2022-49505Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: NFC: NULL out the dev->rfkill to prevent UAF Commit 3e3b5dfcd16a ("NFC: reorder the logic in nfc_{un,}register_device") assumes the device_is_registered() in function nfc_dev_up() will help to check when the rf
- CVE-2022-49504Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Inhibit aborts if external loopback plug is inserted After running a short external loopback test, when the external loopback is removed and a normal cable inserted that is directly connected to a t
- CVE-2022-49503Feb 26, 2025affected < 5.3.18-150300.205.1fixed 5.3.18-150300.205.1
In the Linux kernel, the following vulnerability has been resolved: ath9k_htc: fix potential out of bounds access with invalid rxstatus->rs_keyix The "rxstatus->rs_keyix" eventually gets passed to test_bit() so we need to ensure that it is within the bitmap. drivers/net/wirele
Page 25 of 70