rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.2
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
Vulnerabilities (1,394)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47069 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Mar 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_sen | ||
| CVE-2021-47068 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bi | ||
| CVE-2021-47065 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ======================================== | ||
| CVE-2021-47063 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_m | ||
| CVE-2021-47061 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guar | ||
| CVE-2021-47060 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't in | ||
| CVE-2021-47058 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debug | ||
| CVE-2021-47056 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the | ||
| CVE-2021-47055 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e | ||
| CVE-2021-47054 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_ | ||
| CVE-2021-47020 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at thi | ||
| CVE-2021-46959 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_* We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_ | ||
| CVE-2024-26614 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU: | ||
| CVE-2024-26610 | — | < 5.3.18-150300.169.1 | 5.3.18-150300.169.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the | ||
| CVE-2023-52492 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When d | ||
| CVE-2024-26607 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066] | ||
| CVE-2023-52482 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too. | ||
| CVE-2023-52478 | — | < 5.3.18-150300.161.1 | 5.3.18-150300.161.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs fro | ||
| CVE-2023-52477 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and init | ||
| CVE-2023-52476 | — | < 5.3.18-150300.166.1 | 5.3.18-150300.166.1 | Feb 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur |
- CVE-2021-47069Mar 1, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_sen
- CVE-2021-47068Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: net/nfc: fix use-after-free llcp_sock_bind/connect Commits 8a4cd82d ("nfc: fix refcount leak in llcp_sock_connect()") and c33b1cc62 ("nfc: fix refcount leak in llcp_sock_bind()") fixed a refcount leak bug in bi
- CVE-2021-47065Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: rtw88: Fix array overrun in rtw_get_tx_power_params() Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged: ========================================
- CVE-2021-47063Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: drm: bridge/panel: Cleanup connector on bridge detach If we don't call drm_connector_cleanup() manually in panel_bridge_detach(), the connector will be cleaned up with the other DRM objects in the call to drm_m
- CVE-2021-47061Feb 29, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guar
- CVE-2021-47060Feb 29, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't in
- CVE-2021-47058Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debug
- CVE-2021-47056Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the
- CVE-2021-47055Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e
- CVE-2021-47054Feb 29, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_
- CVE-2021-47020Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at thi
- CVE-2021-46959Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_* We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_
- CVE-2024-26614Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU:
- CVE-2024-26610Feb 29, 2024affected < 5.3.18-150300.169.1fixed 5.3.18-150300.169.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the
- CVE-2023-52492Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When d
- CVE-2024-26607Feb 29, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066]
- CVE-2023-52482Feb 29, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.
- CVE-2023-52478Feb 29, 2024affected < 5.3.18-150300.161.1fixed 5.3.18-150300.161.1
In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs fro
- CVE-2023-52477Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and init
- CVE-2023-52476Feb 29, 2024affected < 5.3.18-150300.166.1fixed 5.3.18-150300.166.1
In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur
Page 61 of 70