VYPR

rpm package

suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.2

pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2

Vulnerabilities (1,394)

  • CVE-2022-48654Apr 28, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_osf: fix possible bogus match in nf_osf_find() nf_osf_find() incorrectly returns true on mismatch, this leads to copying uninitialized memory area in nft_osf which can be used to leak stale

  • CVE-2022-48651Apr 28, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit()

  • CVE-2022-48650Apr 28, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix memory leak in __qlt_24xx_handle_abts() Commit 8f394da36a36 ("scsi: qla2xxx: Drop TARGET_SCF_LOOKUP_LUN_FROM_TAG") made the __qlt_24xx_handle_abts() function return early if tcm_qla2xxx_find_

  • CVE-2022-48638Apr 28, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: cgroup: cgroup_get_from_id() must check the looked-up kn is a directory cgroup has to be one kernfs dir, otherwise kernel panic is caused, especially cgroup id is provide from userspace.

  • CVE-2022-48636Apr 28, 2024
    affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1

    In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix Oops in dasd_alias_get_start_dev due to missing pavgroup Fix Oops in dasd_alias_get_start_dev() function caused by the pavgroup pointer being NULL. The pavgroup pointer is checked on the entranc

  • CVE-2022-48631Apr 28, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug in extents parsing when eh_entries == 0 and eh_depth > 0 When walking through an inode extents, the ext4_ext_binsearch_idx() function assumes that the extent header has been previously validated.

  • CVE-2024-26925MedApr 25, 2024
    affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: release mutex after nft_gc_seq_end from abort path The commit mutex should not be released during the critical section between nft_gc_seq_begin() and nft_gc_seq_end(), otherwise, async GC

  • CVE-2024-26924Apr 24, 2024
    affected < 5.3.18-150300.214.1fixed 5.3.18-150300.214.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: do not free live element Pablo reports a crash with large batches of elements with a back-to-back add/remove pattern. Quoting Pablo: add_elem("00000000") timeout 100 ms ... ad

  • CVE-2024-26921Apr 18, 2024
    affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1

    In the Linux kernel, the following vulnerability has been resolved: inet: inet_defrag: prevent sk release while still in use ip_local_out() and other functions can pass skb->sk as function argument. If the skb is a fragment and reassembly happens before such function call retu

  • CVE-2024-26906MedApr 17, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: x86/mm: Disallow vsyscall page read for copy_from_kernel_nofault() When trying to use copy_from_kernel_nofault() to read vsyscall page through a bpf program, the following oops was reported: BUG: unable to h

  • CVE-2024-26903MedApr 17, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: rfcomm: Fix null-ptr-deref in rfcomm_check_security During our fuzz testing of the connection and disconnection process at the RFCOMM layer, we discovered this bug. By comparing the packets from a no

  • CVE-2024-26898HigApr 17, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts This patch is against CVE-2023-6270. The description of cve is: A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel.

  • CVE-2024-26852HigApr 17, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: net/ipv6: avoid possible UAF in ip6_route_mpath_notify() syzbot found another use-after-free in ip6_route_mpath_notify() [1] Commit f7225172f25a ("net/ipv6: prevent use after free in ip6_route_mpath_notify") w

  • CVE-2024-26862Apr 17, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: packet: annotate data-races around ignore_outgoing ignore_outgoing is read locklessly from dev_queue_xmit_nit() and packet_getsockopt() Add appropriate READ_ONCE()/WRITE_ONCE() annotations. syzbot reported:

  • CVE-2024-26840Apr 17, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix memory leak in cachefiles_add_cache() The following memory leak was reported after unbinding /dev/cachefiles: ================================================================== unreferenced obj

  • CVE-2024-26832Apr 17, 2024
    affected < 5.3.18-150300.235.1fixed 5.3.18-150300.235.1

    In the Linux kernel, the following vulnerability has been resolved: mm: zswap: fix missing folio cleanup in writeback race path In zswap_writeback_entry(), after we get a folio from __read_swap_cache_async(), we grab the tree lock again to check that the swap entry was not inva

  • CVE-2024-26828Apr 17, 2024
    affected < 5.3.18-150300.172.1fixed 5.3.18-150300.172.1

    In the Linux kernel, the following vulnerability has been resolved: cifs: fix underflow in parse_server_interfaces() In this loop, we step through the buffer and after each item we check if the size_left is greater than the minimum size we need. However, the problem is that "b

  • CVE-2024-26822Apr 17, 2024
    affected < 5.3.18-150300.175.1fixed 5.3.18-150300.175.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: set correct id, uid and cruid for multiuser automounts When uid, gid and cruid are not specified, we need to dynamically set them into the filesystem context used for automounting otherwise they'll

  • CVE-2021-47219Apr 10, 2024
    affected < 5.3.18-150300.178.1fixed 5.3.18-150300.178.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix out-of-bound read in resp_report_tgtpgs() The following issue was observed running syzkaller: BUG: KASAN: slab-out-of-bounds in memcpy include/linux/string.h:377 [inline] BUG: KASAN: slab

  • CVE-2021-47216Apr 10, 2024
    affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: advansys: Fix kernel pointer leak Pointers should be printed with %p or %px rather than cast to 'unsigned long' and printed with %lx. Change %lx to %p to print the hashed pointer.

Page 55 of 70