rpm package
suse/kernel-source-rt&distro=SUSE Linux Enterprise Micro 5.4
pkg:rpm/suse/kernel-source-rt&distro=SUSE%20Linux%20Enterprise%20Micro%205.4
Vulnerabilities (2,793)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-50866 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter() kasprintf() would return NULL pointer when kmalloc() fail to allocate. Need to check the return pointer before calling strcmp(). | ||
| CVE-2022-50864 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bo | ||
| CVE-2022-50861 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically | ||
| CVE-2022-50860 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it | ||
| CVE-2022-50859 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extend the dialects from 3 to 4, but forget to decrease the extended length when | ||
| CVE-2022-50858 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash | ||
| CVE-2022-50856 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_ses_add_channel() Before return, should free the xid, otherwise, the xid will be leaked. | ||
| CVE-2022-50853 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a credential leak in _nfs4_discover_trunking() | ||
| CVE-2022-50851 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: fix the crash in unmap a large memory While testing in vIOMMU, sometimes Guest will unmap very large memory, which will cause the crash. To fix this, add a new function vhost_vdpa_general_unmap(). T | ||
| CVE-2022-50850 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: ipr: Fix WARNING in ipr_init() ipr_init() will not call unregister_reboot_notifier() when pci_register_driver() fails, which causes a WARNING. Call unregister_reboot_notifier() when pci_register_driver() | ||
| CVE-2022-50849 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP An oops can be induced by running 'cat /proc/kcore > /dev/null' on devices using pstore with the ram backend because kmap_atomic() assumes lowmem pages are | ||
| CVE-2022-50848 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drivers: dio: fix possible memory leak in dio_init() If device_register() returns error, the 'dev' and name needs be freed. Add a release function, and then call put_device() in the error path, so the name is f | ||
| CVE-2022-50846 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. I | ||
| CVE-2022-50845 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: [localhost]# fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Ch | ||
| CVE-2022-50844 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function p | ||
| CVE-2022-50843 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clone_dtr() Dm_clone also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in clone_dtr(). | ||
| CVE-2022-50842 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent NULL dereference if userspace passes a VRAM BO. | ||
| CVE-2022-50840 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in s | ||
| CVE-2022-50839 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head | ||
| CVE-2022-50836 | — | < 5.14.21-150400.15.142.1 | 5.14.21-150400.15.142.1 | Dec 30, 2025 | In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or devm_request_threaded_irq() fails in qcom_add_sysmon_subdev(), otherwise there will |
- CVE-2022-50866Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: pxa: fix null-pointer dereference in filter() kasprintf() would return NULL pointer when kmalloc() fail to allocate. Need to check the return pointer before calling strcmp().
- CVE-2022-50864Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix shift-out-of-bounds due to too large exponent of block size If field s_log_block_size of superblock data is corrupted and too large, init_nilfs() and load_nilfs() still can trigger a shift-out-of-bo
- CVE-2022-50861Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: NFSD: Finish converting the NFSv2 GETACL result encoder The xdr_stream conversion inadvertently left some code that set the page_len of the send buffer. The XDR stream encoders should handle this automatically
- CVE-2022-50860Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: Fix memleak in alloc_ns() After changes in commit a1bd627b46d1 ("apparmor: share profile name on replacement"), the hname member of struct aa_policy is not valid slab object, but a subset of that, it
- CVE-2022-50859Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix the error length of VALIDATE_NEGOTIATE_INFO message Commit d5c7076b772a ("smb3: add smb3.1.1 to default dialect list") extend the dialects from 3 to 4, but forget to decrease the extended length when
- CVE-2022-50858Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: mmc: alcor: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be leaked and it will lead a kernel crash
- CVE-2022-50856Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix xid leak in cifs_ses_add_channel() Before return, should free the xid, otherwise, the xid will be leaked.
- CVE-2022-50853Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: NFSv4: Fix a credential leak in _nfs4_discover_trunking()
- CVE-2022-50851Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: vhost_vdpa: fix the crash in unmap a large memory While testing in vIOMMU, sometimes Guest will unmap very large memory, which will cause the crash. To fix this, add a new function vhost_vdpa_general_unmap(). T
- CVE-2022-50850Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ipr: Fix WARNING in ipr_init() ipr_init() will not call unregister_reboot_notifier() when pci_register_driver() fails, which causes a WARNING. Call unregister_reboot_notifier() when pci_register_driver()
- CVE-2022-50849Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: pstore: Avoid kcore oops by vmap()ing with VM_IOREMAP An oops can be induced by running 'cat /proc/kcore > /dev/null' on devices using pstore with the ram backend because kmap_atomic() assumes lowmem pages are
- CVE-2022-50848Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: drivers: dio: fix possible memory leak in dio_init() If device_register() returns error, the 'dev' and name needs be freed. Add a release function, and then call put_device() in the error path, so the name is f
- CVE-2022-50846Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: mmc: via-sdmmc: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, it will lead two issues: 1. The memory that allocated in mmc_alloc_host() is leaked. 2. I
- CVE-2022-50845Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix inode leak in ext4_xattr_inode_create() on an error path There is issue as follows when do setxattr with inject fault: [localhost]# fsck.ext4 -fn /dev/sda e2fsck 1.46.6-rc1 (12-Sep-2022) Pass 1: Ch
- CVE-2022-50844Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix type of second parameter in odn_edit_dpm_table() callback With clang's kernel control flow integrity (kCFI, CONFIG_CFI_CLANG), indirect call targets are validated against the expected function p
- CVE-2022-50843Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: dm clone: Fix UAF in clone_dtr() Dm_clone also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in clone_dtr().
- CVE-2022-50842Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Check whether transferred 2D BO is shmem Transferred 2D BO always must be a shmem BO. Add check for that to prevent NULL dereference if userspace passes a VRAM BO.
- CVE-2022-50840Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: scsi: snic: Fix possible UAF in snic_tgt_create() Smatch reports a warning as follows: drivers/scsi/snic/snic_disc.c:307 snic_tgt_create() warn: '&tgt->list' not removed from list If device_add() fails in s
- CVE-2022-50839Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix potential buffer head reference count leak As in 'jbd2_fc_wait_bufs' if buffer isn't uptodate, will return -EIO without update 'journal->j_fc_off'. But 'jbd2_fc_release_bufs' will release buffer head
- CVE-2022-50836Dec 30, 2025affected < 5.14.21-150400.15.142.1fixed 5.14.21-150400.15.142.1
In the Linux kernel, the following vulnerability has been resolved: remoteproc: sysmon: fix memory leak in qcom_add_sysmon_subdev() The kfree() should be called when of_irq_get_byname() fails or devm_request_threaded_irq() fails in qcom_add_sysmon_subdev(), otherwise there will
Page 6 of 140