rpm package
suse/kernel-syms-azure&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/kernel-syms-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (1,481)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46739 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind ca | |
| CVE-2024-46738 | Hig | 7.8 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by compar | |
| CVE-2024-46737 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference. | |
| CVE-2024-46731 | Hig | 7.1 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0. | |
| CVE-2024-46723 | Hig | 7.1 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds. | |
| CVE-2024-46722 | Hig | 7.1 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear warning that read mc_data[i-1] may out-of-bounds. | |
| CVE-2024-46721 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(. | |
| CVE-2024-46715 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysf | |
| CVE-2024-46707 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the | |
| CVE-2024-46702 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if | |
| CVE-2024-46686 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold. | |
| CVE-2024-46685 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of poi | |
| CVE-2024-46679 | Med | 4.7 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception | |
| CVE-2024-46677 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it | |
| CVE-2024-46676 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_p | |
| CVE-2024-46675 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing S | |
| CVE-2024-46673 | Hig | 7.8 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aa | |
| CVE-2023-52915 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be | |
| CVE-2024-45008 | Med | 5.5 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this p | |
| CVE-2024-44999 | Hig | 7.1 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Us |
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind ca
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by compar
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix kernel crash if commands allocation fails If the commands allocation fails in nvmet_tcp_alloc_cmds() the kernel crashes in nvmet_tcp_release_queue_work() because of a NULL pointer dereference.
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix the Out-of-bounds read warning using index i - 1U may beyond element index for mc_data[] when i = 0.
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix ucode out-of-bounds read warning Clear warning that read ucode[] may out-of-bounds.
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix mc_data out-of-bounds read warning Clear warning that read mc_data[i-1] may out-of-bounds.
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: fix possible NULL pointer dereference profile->parent->dents[AAFS_PROF_DIR] could be NULL only if its parent is made from __create_missing_ancestors(..) and 'ent->old' is NULL in aa_replace_profiles(.
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysf
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Make ICC_*SGI*_EL1 undef in the absence of a vGICv3 On a system with a GICv3, if a guest hasn't been configured with GICv3 and that the host is not capable of GICv2 emulation, a write to any of the
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Mark XDomain as unplugged when router is removed I noticed that when we do discrete host router NVM upgrade and it gets hot-removed from the PCIe side as a result of NVM firmware authentication, if
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: smb/client: avoid dereferencing rdata=NULL in smb2_new_read_req() This happens when called from SMB2_read() while using rdma and reaching the rdma_readwrite_threshold.
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: single: fix potential NULL dereference in pcs_get_function() pinmux_generic_get_function() can return NULL and the pointer 'function' was dereferenced without checking against NULL. Add checking of poi
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_p
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing S
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aa
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this p
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Us
Page 2 of 75