rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,394)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26704 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocat | ||
| CVE-2024-26689 | — | < 5.3.18-150300.169.1 | 5.3.18-150300.169.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref | ||
| CVE-2024-26688 | — | < 5.3.18-150300.169.1 | 5.3.18-150300.169.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni | ||
| CVE-2023-52628 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c | ||
| CVE-2021-47180 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xfff | ||
| CVE-2021-47179 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_rang | ||
| CVE-2021-47177 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors. | ||
| CVE-2021-47176 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_pat | ||
| CVE-2021-47175 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall | ||
| CVE-2021-47174 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_be | ||
| CVE-2021-47173 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced | ||
| CVE-2021-47172 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug | ||
| CVE-2021-47171 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [] kmall | ||
| CVE-2021-47170 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large. | ||
| CVE-2021-47169 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if th | ||
| CVE-2021-47168 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->dat | ||
| CVE-2021-47167 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change th | ||
| CVE-2021-47166 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list. | ||
| CVE-2021-47165 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown: Unabl | ||
| CVE-2021-47164 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is witho |
- CVE-2024-26704Apr 3, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double-free of blocks due to wrong extents moved_len In ext4_move_extents(), moved_len is only updated when all moves are successfully executed, and only discards orig_inode and donor_inode preallocat
- CVE-2024-26689Apr 3, 2024affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1
In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref
- CVE-2024-26688Apr 3, 2024affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1
In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni
- CVE-2023-52628Mar 28, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nftables: exthdr: fix 4-byte stack OOB write If priv->len is a multiple of 4, then dst[len / 4] can write past the destination array which leads to stack corruption. This construct is necessary to c
- CVE-2021-47180Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: NFC: nci: fix memory leak in nci_allocate_device nfcmrvl_disconnect fails to free the hci_dev field in struct nci_dev. Fix this by freeing hci_dev in nci_free_device. BUG: memory leak unreferenced object 0xfff
- CVE-2021-47179Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a NULL pointer dereference in pnfs_mark_matching_lsegs_return() Commit de144ff4234f changes _pnfs_return_layout() to call pnfs_mark_matching_lsegs_return() passing NULL as the struct pnfs_layout_rang
- CVE-2021-47177Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix sysfs leak in alloc_iommu() iommu_device_sysfs_add() is called before, so is has to be cleaned on subsequent errors.
- CVE-2021-47176Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: add missing discipline function Fix crash with illegal operation exception in dasd_device_tasklet. Commit b72949328869 ("s390/dasd: Prepare for additional path event handling") renamed the verify_pat
- CVE-2021-47175Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: fq_pie: fix OOB access in the traffic path the following script: # tc qdisc add dev eth0 handle 0x1 root fq_pie flows 2 # tc qdisc add dev eth0 clsact # tc filter add dev eth0 egress matchall
- CVE-2021-47174Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo_avx2: Add irq_fpu_usable() check, fallback to non-AVX2 version Arturo reported this backtrace: [709732.358791] WARNING: CPU: 3 PID: 456 at arch/x86/kernel/fpu/core.c:128 kernel_fpu_be
- CVE-2021-47173Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: misc/uss720: fix memory leak in uss720_probe uss720_probe forgets to decrease the refcount of usbdev in uss720_probe. Fix this by decreasing the refcount of usbdev by usb_put_dev. BUG: memory leak unreferenced
- CVE-2021-47172Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7124: Fix potential overflow due to non sequential channel numbers Channel numbering must start at 0 and then not have any holes, or it is possible to overflow the available storage. Note this bug
- CVE-2021-47171Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: fix memory leak in smsc75xx_bind Syzbot reported memory leak in smsc75xx_bind(). The problem was is non-freed memory in case of errors after memory allocation. backtrace: [] kmall
- CVE-2021-47170Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: USB: usbfs: Don't WARN about excessively large memory allocations Syzbot found that the kernel generates a WARNing if the user tries to submit a bulk transfer through usbfs with a buffer that is way too large.
- CVE-2021-47169Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: serial: rp2: use 'request_firmware' instead of 'request_firmware_nowait' In 'rp2_probe', the driver registers 'rp2_uart_interrupt' then calls 'rp2_fw_cb' through 'request_firmware_nowait'. In 'rp2_fw_cb', if th
- CVE-2021-47168Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: NFS: fix an incorrect limit in filelayout_decode_layout() The "sizeof(struct nfs_fh)" is two bytes too large and could lead to memory corruption. It should be NFS_MAXFHSIZE because that's the size of the ->dat
- CVE-2021-47167Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix an Oopsable condition in __nfs_pageio_add_request() Ensure that nfs_pageio_error_cleanup() resets the mirror array contents, so that the structure reflects the fact that it is now empty. Also change th
- CVE-2021-47166Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: NFS: Don't corrupt the value of pg_bytes_written in nfs_do_recoalesce() The value of mirror->pg_bytes_written should only be updated after a successful attempt to flush out the requests on the list.
- CVE-2021-47165Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: drm/meson: fix shutdown crash when component not probed When main component is not probed, by example when the dw-hdmi module is not loaded yet or in probe defer, the following crash appears on shutdown: Unabl
- CVE-2021-47164Mar 25, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix null deref accessing lag dev It could be the lag dev is null so stop processing the event. In bond_enslave() the active/backup slave being set before setting the upper dev so first event is witho
Page 57 of 70