rpm package
suse/kernel-zfcpdump&distro=SUSE Manager Server LTS 4.3
pkg:rpm/suse/kernel-zfcpdump&distro=SUSE%20Manager%20Server%20LTS%204.3
Vulnerabilities (542)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-53594 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. T | ||
| CVE-2023-53592 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix refcount leak in sifive_gpio_probe of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() t | ||
| CVE-2023-53589 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) mem | ||
| CVE-2023-53587 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible (maybe not in a real system, but it did happen in ARCH=um with time-trave | ||
| CVE-2023-53582 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of str | ||
| CVE-2022-50505 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the r | ||
| CVE-2022-50504 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-term RTAS function in rtas_os_term(): Kernel panic - not syncing: Attempted to kill | ||
| CVE-2022-50503 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2_nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(add_range) invoked, if platform_get_resource() returns NULL. | ||
| CVE-2022-50501 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcoda_iram_alloc As the coda_iram_alloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others. | ||
| CVE-2022-50499 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvb_register_device() In function dvb_register_device() -> dvb_register_media_device() -> dvb_create_media_entity(), dvb->entity is allocated and initialized. If the initiali | ||
| CVE-2022-50498 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnl_lock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c (2891) RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0 Call Trace: | ||
| CVE-2022-50497 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: fix shift-out-of-bounds in check_special_flags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: __dump_stack | ||
| CVE-2022-50496 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in destroy(). | ||
| CVE-2022-50494 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG: BUG: using smp_processor_id() i | ||
| CVE-2022-50493 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] qla2x00_sta | ||
| CVE-2022-50492 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down (e.g. a | ||
| CVE-2022-50490 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elem | ||
| CVE-2022-50489 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipi_dsi_host_unregister() loops over every device currently found on that bus and will unregister it. | ||
| CVE-2022-50488 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfq_select_queue+0x3 | ||
| CVE-2023-53579 | — | < 5.14.21-150400.24.184.1 | 5.14.21-150400.24.184.1 | Oct 4, 2025 | In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm action. |
- CVE-2023-53594Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: driver core: fix resource leak in device_add() When calling kobject_add() failed in device_add(), it will call cleanup_glue_dir() to free resource. But in kobject_add(), dev->kobj.parent has been set to NULL. T
- CVE-2023-53592Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: gpio: sifive: Fix refcount leak in sifive_gpio_probe of_irq_find_parent() returns a node pointer with refcount incremented, We should use of_node_put() on it when not needed anymore. Add missing of_node_put() t
- CVE-2023-53589Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't trust firmware n_channels If the firmware sends us a corrupted MCC response with n_channels much larger than the command response can be, we might copy far too much (uninitialized) mem
- CVE-2023-53587Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: ring-buffer: Sync IRQ works before buffer destruction If something was written to the buffer just before destruction, it may be possible (maybe not in a real system, but it did happen in ARCH=um with time-trave
- CVE-2023-53582Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: ensure CLM version is null-terminated to prevent stack-out-of-bounds Fix a stack-out-of-bounds read in brcmfmac that occurs when 'buf' that is not null-terminated is passed as an argument of str
- CVE-2022-50505Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: iommu/amd: Fix pci device refcount leak in ppr_notifier() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decrement the r
- CVE-2022-50504Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: avoid scheduling in rtas_os_term() It's unsafe to use rtas_busy_delay() to handle a busy status from the ibm,os-term RTAS function in rtas_os_term(): Kernel panic - not syncing: Attempted to kill
- CVE-2022-50503Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: mtd: lpddr2_nvm: Fix possible null-ptr-deref It will cause null-ptr-deref when resource_size(add_range) invoked, if platform_get_resource() returns NULL.
- CVE-2022-50501Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: media: coda: Add check for dcoda_iram_alloc As the coda_iram_alloc may return NULL pointer, it should be better to check the return value in order to avoid NULL poineter dereference, same as the others.
- CVE-2022-50499Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-core: Fix double free in dvb_register_device() In function dvb_register_device() -> dvb_register_media_device() -> dvb_create_media_entity(), dvb->entity is allocated and initialized. If the initiali
- CVE-2022-50498Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: eth: alx: take rtnl_lock on resume Zbynek reports that alx trips an rtnl assertion on resume: RTNL: assertion failed at net/core/dev.c (2891) RIP: 0010:netif_set_real_num_tx_queues+0x1ac/0x1c0 Call Trace:
- CVE-2022-50497Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: binfmt_misc: fix shift-out-of-bounds in check_special_flags UBSAN reported a shift-out-of-bounds warning: left shift of 1 by 31 places cannot be represented in type 'int' Call Trace: __dump_stack
- CVE-2022-50496Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: dm cache: Fix UAF in destroy() Dm_cache also has the same UAF problem when dm_resume() and dm_destroy() are concurrent. Therefore, cancelling timer again in destroy().
- CVE-2022-50494Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: thermal: intel_powerclamp: Use get_cpu() instead of smp_processor_id() to avoid crash When CPU 0 is offline and intel_powerclamp is used to inject idle, it generates kernel BUG: BUG: using smp_processor_id() i
- CVE-2022-50493Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash when I/O abort times out While performing CPU hotplug, a crash with the following stack was seen: Call Trace: qla24xx_process_response_queue+0x42a/0x970 [qla2xxx] qla2x00_sta
- CVE-2022-50492Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm: fix use-after-free on probe deferral The bridge counter was never reset when tearing down the DRM device so that stale pointers to deallocated structures would be accessed on the next tear down (e.g. a
- CVE-2022-50490Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Propagate error from htab_lock_bucket() to userspace In __htab_map_lookup_and_delete_batch() if htab_lock_bucket() returns -EBUSY, it will go to next bucket. Going to next bucket may not only skip the elem
- CVE-2022-50489Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: drm/mipi-dsi: Detach devices when removing the host Whenever the MIPI-DSI host is unregistered, the code of mipi_dsi_host_unregister() loops over every device currently found on that bus and will unregister it.
- CVE-2022-50488Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix possible uaf for 'bfqq->bic' Our test report a uaf for 'bfqq->bic' in 5.10: ================================================================== BUG: KASAN: use-after-free in bfq_select_queue+0x3
- CVE-2023-53579Oct 4, 2025affected < 5.14.21-150400.24.184.1fixed 5.14.21-150400.24.184.1
In the Linux kernel, the following vulnerability has been resolved: gpio: mvebu: fix irq domain leak Uwe Kleine-König pointed out we still have one resource leak in the mvebu driver triggered on driver detach. Let's address it with a custom devm action.
Page 7 of 28