rpm package

suse/kernel-syms-rt&distro=SUSE Linux Enterprise Real Time 12 SP5

pkg:rpm/suse/kernel-syms-rt&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2012%20SP5

Vulnerabilities (1,429)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2019-25162	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 26, 2024	In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde
CVE-2019-25160	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 26, 2024	In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the
CVE-2022-48626	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and
CVE-2021-46905	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unco
CVE-2021-46904	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the n
CVE-2023-52470	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.
CVE-2023-52469	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 25, 2024	In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes t
CVE-2024-26600	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 24, 2024	In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et
CVE-2024-26595	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
CVE-2023-52464	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx
CVE-2023-52454	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 23, 2024	In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel
CVE-2023-52451	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde
CVE-2023-52449	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read
CVE-2023-52445	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
CVE-2023-52443	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 22, 2024	In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string
CVE-2024-26585	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 21, 2024	In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
CVE-2023-52435	—	< 4.12.14-10.197.1	4.12.14-10.197.1	Feb 20, 2024	In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can
CVE-2023-52429	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 12, 2024	dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
CVE-2024-1151	—	< 4.12.14-10.171.1	4.12.14-10.171.1	Feb 11, 2024	A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflo
CVE-2023-6536	—	< 4.12.14-10.182.1	4.12.14-10.182.1	Feb 7, 2024	A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

CVE-2019-25162Feb 26, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde
CVE-2019-25160Feb 26, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: netlabel: fix out-of-bounds memory accesses There are two array out-of-bounds memory accesses, one in cipso_v4_map_lvl_valid(), the other in netlbl_bitmap_walk(). Both errors are embarassingly simple, and the
CVE-2022-48626Feb 25, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: moxart: fix potential use-after-free on remove path It was reported that the mmc host structure could be accessed after it was freed in moxart_remove(), so fix this by saving the base register of the device and
CVE-2021-46905Feb 25, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix NULL-deref on disconnect regression Commit 8a12f8836145 ("net: hso: fix null-ptr-deref during tty device unregistration") fixed the racy minor allocation reported by syzbot, but introduced an unco
CVE-2021-46904Feb 25, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: net: hso: fix null-ptr-deref during tty device unregistration Multiple ttys try to claim the same the minor number causing a double unregistration of the same device. The first unregistration succeeds but the n
CVE-2023-52470Feb 25, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check the alloc_workqueue return value in radeon_crtc_init() check the alloc_workqueue return value in radeon_crtc_init() to avoid null-ptr-deref.
CVE-2023-52469Feb 25, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: drivers/amd/pm: fix a use-after-free in kv_parse_power_table When ps allocated by kzalloc equals to NULL, kv_parse_power_table frees adev->pm.dpm.ps that allocated before. However, after the control flow goes t
CVE-2024-26600Feb 24, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: phy: ti: phy-omap-usb2: Fix NULL pointer dereference for SRP If the external phy working together with phy-omap-usb2 does not implement send_srp(), we may still attempt to call it. This can happen on an idle Et
CVE-2024-26595Feb 23, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_acl_tcam: Fix NULL pointer dereference in error path When calling mlxsw_sp_acl_tcam_region_destroy() from an error path after failing to attach the region to an ACL group, we hit a NULL pointer
CVE-2023-52464Feb 23, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: EDAC/thunderx: Fix possible out-of-bounds string access Enabling -Wstringop-overflow globally exposes a warning for a common bug in the usage of strncat(): drivers/edac/thunderx_edac.c: In function 'thunderx
CVE-2023-52454Feb 23, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length If the host sends an H2CData command with an invalid DATAL, the kernel may crash in nvmet_tcp_build_pdu_iovec(). Unable to handle kernel
CVE-2023-52451Feb 22, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde
CVE-2023-52449Feb 22, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read
CVE-2023-52445Feb 22, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t
CVE-2023-52443Feb 22, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string
CVE-2024-26585Feb 21, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
CVE-2023-52435Feb 20, 2024
affected < 4.12.14-10.197.1fixed 4.12.14-10.197.1
In the Linux kernel, the following vulnerability has been resolved: net: prevent mss overflow in skb_segment() Once again syzbot is able to crash the kernel in skb_segment() [1] GSO_BY_FRAGS is a forbidden value, but unfortunately the following computation in skb_segment() can
CVE-2023-52429Feb 12, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.
CVE-2024-1151Feb 11, 2024
affected < 4.12.14-10.171.1fixed 4.12.14-10.171.1
A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflo
CVE-2023-6536Feb 7, 2024
affected < 4.12.14-10.182.1fixed 4.12.14-10.182.1
A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

Page 44 of 72