rpm package

suse/kernel-syms-azure&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (1,481)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2021-47301	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runs while the contro
CVE-2021-47297	—	< 4.12.14-16.191.1	4.12.14-16.191.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we c
CVE-2021-47295	—	< 4.12.14-16.194.1	4.12.14-16.194.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms
CVE-2021-47294	—	< 4.12.14-16.191.1	4.12.14-16.191.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use sock timer API. It replaces mod_timer() by sk_reset_timer(), and del_timer() by sk
CVE-2021-47293	—	< 4.12.14-16.191.1	4.12.14-16.191.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add
CVE-2021-47289	—	< 4.12.14-16.197.1	4.12.14-16.197.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails misera
CVE-2021-47288	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/i
CVE-2021-47284	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'nj_release' will free the irq t
CVE-2021-47281	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing ti
CVE-2021-47280	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free read in drm_getunique() There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex. An example can b
CVE-2021-47277	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa
CVE-2021-47276	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) return
CVE-2021-47275	—	< 4.12.14-16.194.1	4.12.14-16.194.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached
CVE-2021-47274	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: [1640542.554277] general pro
CVE-2021-47270	—	< 4.12.14-16.191.1	4.12.14-16.191.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadgets null ptr deref on 10gbps cabling. This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} by simply reusing the 5gbps config for 10
CVE-2021-47269	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configuratio
CVE-2021-47267	—	< 4.12.14-16.191.1	4.12.14-16.191.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-
CVE-2021-47265	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause to the bel
CVE-2021-47261	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during CQ resize
CVE-2021-47260	—	< 4.12.14-16.188.1	4.12.14-16.188.1	May 21, 2024	In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential NULL dereference in nfs_get_client() None of the callers are expecting NULL returns from nfs_get_client() so this code will lead to an Oops. It's better to return an error pointer. I expe

CVE-2021-47301May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: igb: Fix use-after-free error during reset Cleans the next descriptor to watch (next_to_watch) when cleaning the TX ring. Failure to do so can cause invalid memory accesses. If igb_poll() runs while the contro
CVE-2021-47297May 21, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: net: fix uninit-value in caif_seqpkt_sendmsg When nr_segs equal to zero in iovec_from_user, the object msg->msg_iter.iov is uninit stack memory in caif_seqpkt_sendmsg which is defined in ___sys_sendmsg. So we c
CVE-2021-47295May 21, 2024
affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix memory leak in tcindex_partial_destroy_work Syzbot reported memory leak in tcindex_set_parms(). The problem was in non-freed perfect hash in tcindex_partial_destroy_work(). In tcindex_set_parms
CVE-2021-47294May 21, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: netrom: Decrease sock refcount when sock timers expire Commit 63346650c1a9 ("netrom: switch to sock timer API") switched to use sock timer API. It replaces mod_timer() by sk_reset_timer(), and del_timer() by sk
CVE-2021-47293May 21, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_skbmod: Skip non-Ethernet packets Currently tcf_skbmod_act() assumes that packets use Ethernet as their L2 protocol, which is not always the case. As an example, for CAN devices: $ ip link add
CVE-2021-47289May 21, 2024
affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: fix NULL pointer dereference Commit 71f642833284 ("ACPI: utils: Fix reference counting in for_each_acpi_dev_match()") started doing "acpi_dev_put()" on a pointer that was possibly NULL. That fails misera
CVE-2021-47288May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: media: ngene: Fix out-of-bounds bug in ngene_command_config_free_buf() Fix an 11-year old bug in ngene_command_config_free_buf() while addressing the following warnings caught with -Warray-bounds: arch/alpha/i
CVE-2021-47284May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: isdn: mISDN: netjet: Fix crash in nj_probe: 'nj_setup' in netjet.c might fail with -EIO and in this case 'card->irq' is initialized and is bigger than zero. A subsequent call to 'nj_release' will free the irq t
CVE-2021-47281May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: seq: Fix race of snd_seq_timer_open() The timer instance per queue is exclusive, and snd_seq_timer_open() should have managed the concurrent accesses. It looks as if it's checking the already existing ti
CVE-2021-47280May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: drm: Fix use-after-free read in drm_getunique() There is a time-of-check-to-time-of-use error in drm_getunique() due to retrieving file_priv->master prior to locking the device's master mutex. An example can b
CVE-2021-47277May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: kvm: avoid speculation-based attacks from out-of-range memslot accesses KVM's mechanism for accessing guest memory translates a guest physical address (gpa) to a host virtual address using the right-shifted gpa
CVE-2021-47276May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: ftrace: Do not blindly read the ip address in ftrace_bug() It was reported that a bug on arm64 caused a bad ip address to be used for updating into a nop in ftrace_init(), but the error path (rightfully) return
CVE-2021-47275May 21, 2024
affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: bcache: avoid oversized read request in cache missing code path In the cache missing code path of cached device, if a proper location from the internal B+ tree is matched for a cache miss range, function cached
CVE-2021-47274May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: tracing: Correct the length check which causes memory corruption We've suffered from severe kernel crashes due to memory corruption on our production environment, like, Call Trace: [1640542.554277] general pro
CVE-2021-47270May 21, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadgets null ptr deref on 10gbps cabling. This avoids a null pointer dereference in f_{ecm,eem,hid,loopback,printer,rndis,serial,sourcesink,subset,tcm} by simply reusing the 5gbps config for 10
CVE-2021-47269May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: ep0: fix NULL pointer exception There is no validation of the index from dwc3_wIndex_to_dep() and we might be referring a non-existing ep and trigger a NULL pointer exception. In certain configuratio
CVE-2021-47267May 21, 2024
affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: usb: fix various gadget panics on 10gbps cabling usb_assign_descriptors() is called with 5 parameters, the last 4 of which are the usb_descriptor_header for: full-speed (USB1.1 - 12Mbps [including USB1.0 low-
CVE-2021-47265May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: RDMA: Verify port when creating flow rule Validate port value provided by the user and with that remove no longer needed validation by the driver. The missing check in the mlx5_ib driver could cause to the bel
CVE-2021-47261May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: IB/mlx5: Fix initializing CQ fragments buffer The function init_cq_frag_buf() can be called to initialize the current CQ fragments buffer cq->buf, or the temporary cq->resize_buf that is filled during CQ resize
CVE-2021-47260May 21, 2024
affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1
In the Linux kernel, the following vulnerability has been resolved: NFS: Fix a potential NULL dereference in nfs_get_client() None of the callers are expecting NULL returns from nfs_get_client() so this code will lead to an Oops. It's better to return an error pointer. I expe

Page 24 of 75