rpm package
opensuse/kernel-default&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%2015.5
Vulnerabilities (1,895)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-41060 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it. | ||
| CVE-2024-41059 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x | ||
| CVE-2024-41058 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: sl | ||
| CVE-2024-41057 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: | ||
| CVE-2024-41056 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-termin | ||
| CVE-2024-41048 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm | ||
| CVE-2024-41045 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, f | ||
| CVE-2024-41044 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual | ||
| CVE-2024-41042 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps | ||
| CVE-2024-41041 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk a | ||
| CVE-2024-41040 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by ta | ||
| CVE-2024-41039 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmw | ||
| CVE-2024-41038 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length | ||
| CVE-2024-41036 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq: | ||
| CVE-2024-41035 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoin | ||
| CVE-2024-41022 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work. | ||
| CVE-2024-41020 | — | < 5.14.21-150500.55.80.2 | 5.14.21-150500.55.80.2 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was p | ||
| CVE-2024-41016 | Med | 5.5 | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before me | |
| CVE-2024-41017 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist. | ||
| CVE-2024-41015 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region. |
- CVE-2024-41060Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: drm/radeon: check bo_va->bo is non-NULL before using it The call to radeon_vm_clear_freed might clear bo_va->bo, so we have to check it before dereferencing it.
- CVE-2024-41059Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x
- CVE-2024-41058Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in fscache_withdraw_volume() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN: sl
- CVE-2024-41057Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: cachefiles: fix slab-use-after-free in cachefiles_withdraw_cookie() We got the following issue in our fault injection stress test: ================================================================== BUG: KASAN:
- CVE-2024-41056Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Use strnlen() on name fields in V1 wmfw files Use strnlen() instead of strlen() on the algorithm and coefficient name string arrays in V1 wmfw files. In V1 wmfw files the name is a NUL-termin
- CVE-2024-41048Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: skmsg: Skip zero length skb in sk_msg_recvmsg When running BPF selftests (./test_progs -t sockmap_basic) on a Loongarch platform, the following kernel panic occurs: [...] Oops[#1]: CPU: 22 PID: 2824 Comm
- CVE-2024-41045Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Defer work in bpf_timer_cancel_and_free Currently, the same case as previous patch (two timer callbacks trying to cancel each other) can be invoked through bpf_map_update_elem as well, or more precisely, f
- CVE-2024-41044Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: ppp: reject claimed-as-LCP but actually malformed packets Since 'ppp_async_encode()' assumes valid LCP packets (with code from 1 to 7 inclusive), add 'ppp_check_packet()' to ensure that LCP packet has an actual
- CVE-2024-41042Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prefer nft_chain_validate nft_chain_validate already performs loop detection because a cycle will result in a call stack overflow (ctx->level >= NFT_JUMP_STACK_SIZE). It also follows maps
- CVE-2024-41041Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: udp: Set SOCK_RCU_FREE earlier in udp_lib_get_port(). syzkaller triggered the warning [0] in udp_v4_early_demux(). In udp_v[46]_early_demux() and sk_lookup(), we do not touch the refcount of the looked-up sk a
- CVE-2024-41040Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix UAF when resolving a clash KASAN reports the following UAF: BUG: KASAN: slab-use-after-free in tcf_ct_flow_table_process_conn+0x12b/0x380 [act_ct] Read of size 1 at addr ffff888c07603600 by ta
- CVE-2024-41039Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Fix overflow checking of wmfw header Fix the checking that firmware file buffer is large enough for the wmfw header, to prevent overrunning the buffer. The original code tested that the firmw
- CVE-2024-41038Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Prevent buffer overrun when processing V2 alg headers Check that all fields of a V2 algorithm header fit into the available firmware data buffer. The wmfw V2 format introduced variable-length
- CVE-2024-41036Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: net: ks8851: Fix deadlock with the SPI chip variant When SMP is enabled and spinlocks are actually functional then there is a deadlock with the 'statelock' spinlock between ks8851_start_xmit_spi and ks8851_irq:
- CVE-2024-41035Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix duplicate endpoint bug by clearing reserved bits in the descriptor Syzbot has identified a bug in usbcore (see the Closes: tag below) caused by our assumption that the reserved bits in an endpoin
- CVE-2024-41022Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix signedness bug in sdma_v4_0_process_trap_irq() The "instance" variable needs to be signed for the error handling to work.
- CVE-2024-41020Jul 29, 2024affected < 5.14.21-150500.55.80.2fixed 5.14.21-150500.55.80.2
In the Linux kernel, the following vulnerability has been resolved: filelock: Fix fcntl/close race recovery compat path When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when fcntl/close race is detected"), I missed that there are two copies of the code I was p
- affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before me
- CVE-2024-41017Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: jfs: don't walk off the end of ealist Add a check before visiting the members of ea to make sure each ea stays within the ealist.
- CVE-2024-41015Jul 29, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: add bounds checking to ocfs2_check_dir_entry() This adds sanity checks for ocfs2_dir_entry to make sure all members of ocfs2_dir_entry don't stray beyond valid memory region.
Page 13 of 95