rpm package
suse/kgraft-patch-SLE12-SP5_Update_70&distro=SUSE Linux Enterprise Live Patching 12 SP5
pkg:rpm/suse/kgraft-patch-SLE12-SP5_Update_70&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
Vulnerabilities (150)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-50173 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DR | ||
| CVE-2022-50153 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid | ||
| CVE-2022-50152 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to | ||
| CVE-2022-50146 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be | ||
| CVE-2022-50134 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not releas | ||
| CVE-2022-50126 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_ | ||
| CVE-2022-50109 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for the references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() which | ||
| CVE-2022-50104 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refc | ||
| CVE-2022-50102 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug i | ||
| CVE-2022-50101 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the v | ||
| CVE-2022-50099 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value o | ||
| CVE-2022-50098 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen | ||
| CVE-2022-50097 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of | ||
| CVE-2022-50094 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read be | ||
| CVE-2022-50093 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/a | ||
| CVE-2022-50092 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size | ||
| CVE-2022-50091 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch | ||
| CVE-2022-50087 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it | ||
| CVE-2022-50085 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs | ||
| CVE-2022-50084 | — | < 1-8.5.1 | 1-8.5.1 | Jun 18, 2025 | In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/sto |
- CVE-2022-50173Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/mdp5: Fix global state lock backoff We need to grab the lock after the early return for !hwpipe case. Otherwise, we could have hit contention yet still returned 0. Fixes an issue that the new CONFIG_DR
- CVE-2022-50153Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: usb: host: Fix refcount leak in ehci_hcd_ppc_of_probe of_find_compatible_node() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid
- CVE-2022-50152Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: usb: ohci-nxp: Fix refcount leak in ohci_hcd_nxp_probe of_parse_phandle() returns a node pointer with refcount incremented, we should use of_node_put() on it when not need anymore. Add missing of_node_put() to
- CVE-2022-50146Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: PCI: dwc: Deallocate EPC memory on dw_pcie_ep_init() errors If dw_pcie_ep_init() fails to perform any action after the EPC memory is initialized and the MSI memory region is allocated, the latter parts won't be
- CVE-2022-50134Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hfi1: fix potential memory leak in setup_base_ctxt() setup_base_ctxt() allocates a memory chunk for uctxt->groups with hfi1_alloc_ctxt_rcv_groups(). When init_user_ctxt() fails, uctxt->groups is not releas
- CVE-2022-50126Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: jbd2: fix assertion 'jh->b_frozen_data == NULL' failure when journal aborted Following process will fail assertion 'jh->b_frozen_data == NULL' in jbd2_journal_dirty_metadata(): jbd2_journal_
- CVE-2022-50109Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: amba-clcd: Fix refcount leak bugs In clcdfb_of_init_display(), we should call of_node_put() for the references returned by of_graph_get_next_endpoint() and of_graph_get_remote_port_parent() which
- CVE-2022-50104Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/xive: Fix refcount leak in xive_get_max_prio of_find_node_by_path() returns a node pointer with refcount incremented, we should use of_node_put() on it when done. Add missing of_node_put() to avoid refc
- CVE-2022-50102Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Fix a divide-by-zero bug in ark_set_pixclock() Since the user can control the arguments of the ioctl() from the user space, under special arguments that may result in a divide-by-zero bug i
- CVE-2022-50101Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: vt8623fb: Check the size of screen before memset_io() In the function vt8623fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the v
- CVE-2022-50099Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: arkfb: Check the size of screen before memset_io() In the function arkfb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value o
- CVE-2022-50098Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix crash due to stale SRB access around I/O timeouts Ensure SRB is returned during I/O timeout error escalation. If that is not possible fail the escalation path. Following crash stack was seen
- CVE-2022-50097Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: video: fbdev: s3fb: Check the size of screen before memset_io() In the function s3fb_set_par(), the value of 'screen_size' is calculated by the user input. If the user provides the improper value, the value of
- CVE-2022-50094Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: spmi: trace: fix stack-out-of-bound access in SPMI tracing functions trace_spmi_write_begin() and trace_spmi_read_end() both call memcpy() with a length of "len + 1". This leads to one extra byte being read be
- CVE-2022-50093Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: avoid invalid memory access via node_online(NUMA_NO_NODE) KASAN reports: [ 4.668325][ T0] BUG: KASAN: wild-memory-access in dmar_parse_one_rhsa (arch/x86/include/asm/bitops.h:214 arch/x86/include/a
- CVE-2022-50092Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: dm thin: fix use-after-free crash in dm_sm_register_threshold_callback Fault inject on pool metadata device reports: BUG: KASAN: use-after-free in dm_pool_register_metadata_threshold+0x40/0x80 Read of size
- CVE-2022-50091Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: locking/csd_lock: Change csdlock_debug from early_param to __setup The csdlock_debug kernel-boot parameter is parsed by the early_param() function csdlock_debug(). If set, csdlock_debug() invokes static_branch
- CVE-2022-50087Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Ensure scpi_info is not assigned if the probe fails When scpi probe fails, at any point, we need to ensure that the scpi_info is not set and will remain NULL until the probe succeeds. If it
- CVE-2022-50085Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_resume There is a KASAN warning in raid_resume when running the lvm test lvconvert-raid.sh. The reason for the warning is that mddev->raid_disks is greater than rs
- CVE-2022-50084Jun 18, 2025affected < 1-8.5.1fixed 1-8.5.1
In the Linux kernel, the following vulnerability has been resolved: dm raid: fix address sanitizer warning in raid_status There is this warning when using a kernel with the address sanitizer and running this testsuite: https://gitlab.com/cki-project/kernel-tests/-/tree/main/sto
Page 3 of 8