OESA-2025-1205 kernel security update

The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: bpf: Prevent tailcall infinite loop caused by freplace There is a potential infinite loop issue that can occur when using a combination of tail calls and freplac...

CVE-2022-49478

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2i2ccoreinit Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw-unitnumber is initialized with -1 and then if init table walk fails...

SUSE CVE-2024-57983

In the Linux kernel, the following vulnerability has been resolved: mailbox: th1520: Fix memory corruption due to incorrect array size The functions th1520mboxsuspendnoirq and th1520mboxresumenoirq are intended to save and restore the interrupt mask registers in the MBOX ICU0. However, the array...

SUSE CVE-2024-57994

In the Linux kernel, the following vulnerability has been resolved: ptrring: do not block hard interrupts in ptrringresizemultiple Jakub added a lockdepassertnohardirq check in pagepoolputpage to increase test coverage. syzbot found a splat caused by hard irq blocking in ptrringresizemultiple 1 A...

SUSE CVE-2024-57996

In the Linux kernel, the following vulnerability has been resolved: netsched: schsfq: don't allow 1 packet limit The current implementation does not work correctly with a limit of 1. iproute2 actually checks for this and this patch adds the check in kernel as well. This fixes the following...

DEBIAN-CVE-2024-49570

In the Linux kernel, the following vulnerability has been resolved: drm/xe/tracing: Fix a potential TPprintk UAF The commit afd2627f727b "tracing: Check "%s" dereference via the field and not the TPprintk format" exposes potential UAFs in the xebomove trace event. Fix those by avoiding...

SUSE CVE-2021-47649

In the Linux kernel, the following vulnerability has been resolved: udmabuf: validate ubuf-pagecount Syzbot has reported GPF in sgallocappendtablefrompages. The problem was in ubuf-pages == ZEROPTR. ubuf-pagecount is calculated from arguments passed from user-space. If user creates udmabuf with...

SUSE CVE-2021-47657

In the Linux kernel, the following vulnerability has been resolved: drm/virtio: Ensure that objs is not NULL in virtiogpuarrayputfree If virtiogpuobjectshmeminit fails e.g. due to fault injection, as it happened in the bug report by syzbot, virtiogpuarrayputfree could be called with objs equal to...

SUSE CVE-2022-49055

In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Check for potential null return of kmallocarray As the kmallocarray may return null, the 'eventwaitersi.wait' would lead to null-pointer dereference. Therefore, it is better to check the return value of kmallocarray t...

SUSE CVE-2022-49122

In the Linux kernel, the following vulnerability has been resolved: dm ioctl: prevent potential spectre v1 gadget It appears like cmd could be a Spectre v1 gadget as it's supplied by a user and used as an array index. Prevent the contents of kernel memory from being leaked to userspace via...

SUSE CVE-2022-49148

In the Linux kernel, the following vulnerability has been resolved: watchqueue: Free the page array when watchqueue is dismantled Commit 7ea1a0124b6d "watchqueue: Free the alloc bitmap when the watchqueue is torn down" took care of the bitmap, but not the page array. BUG: memory leak unreferenced...

SUSE CVE-2022-49170

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on curseg-alloctype As Wenqing Liu reported in bugzilla: https://bugzilla.kernel.org/showbug.cgi?id=215657 - Overview UBSAN: array-index-out-of-bounds in fs/f2fs/segment.c:3460:2 when mount and operat...

SUSE CVE-2022-49249

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: wc938x: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 bytes...

SUSE CVE-2022-49251

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: va-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 byt...

SUSE CVE-2022-49252

In the Linux kernel, the following vulnerability has been resolved: ASoC: codecs: rx-macro: fix accessing array out of bounds for enum type Accessing enums using integer would result in array out of bounds access on platforms like aarch64 where sizeoflong is 8 compared to enum size which is 4 byt...

SUSE CVE-2022-49365

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Off by one in dmdmuboutbox1lowirq The ARRAYSIZE should be = ARRAYSIZE to prevent an out of bounds access...

SUSE CVE-2022-49478

In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix array-index-out-of-bounds in pvr2i2ccoreinit Syzbot reported that -1 is used as array index. The problem was in missing validation check. hdw-unitnumber is initialized with -1 and then if init table walk fails...

SUSE CVE-2022-49548

In the Linux kernel, the following vulnerability has been resolved: bpf: Fix potential array overflow in bpftrampolinegetprogs The cnt value in the 'cnt = BPFMAXTRAMPPROGS' check does not include BPFTRAMPMODIFYRETURN bpf programs, so the number of the attached BPFTRAMPMODIFYRETURN bpf programs in...

SUSE CVE-2022-49551

In the Linux kernel, the following vulnerability has been resolved: usb: isp1760: Fix out-of-bounds array access Running the driver through kasan gives an interesting splat: BUG: KASAN: global-out-of-bounds in isp1760register+0x180/0x70c Read of size 20 at addr f1db2e64 by task swapper/0/1...

CVE-2025-21794 HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints()

In the Linux kernel, the following vulnerability has been resolved: HID: hid-thrustmaster: fix stack-out-of-bounds read in usbcheckintendpoints Syzbot1 has detected a stack-out-of-bounds read of the epaddr array from hid-thrustmaster driver. This array is passed to usbcheckintendpoints function...