rpm package
opensuse/kernel-default&distro=openSUSE Leap Micro 5.5
pkg:rpm/opensuse/kernel-default&distro=openSUSE%20Leap%20Micro%205.5
Vulnerabilities (928)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47609 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tr | ||
| CVE-2021-47608 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 ("bpf: Propagate stack bounds to registers in atomics w/ BPF_FETCH") around check_mem_access() handling is buggy since this woul | ||
| CVE-2021-47607 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val] | ||
| CVE-2021-47606 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0 | ||
| CVE-2021-47605 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are bo | ||
| CVE-2021-47604 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: vduse: check that offset is within bounds in get_config() This condition checks "len" but it does not check "offset" and that could result in an out of bounds read if "offset > dev->config_size". The problem is | ||
| CVE-2021-47603 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the usersp | ||
| CVE-2021-47602 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot repor | ||
| CVE-2021-47601 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference. | ||
| CVE-2021-47600 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). | ||
| CVE-2021-47599 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: sys | ||
| CVE-2021-47598 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D | ||
| CVE-2021-47597 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of i | ||
| CVE-2021-47596 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins | ||
| CVE-2021-47595 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7 | ||
| CVE-2021-47593 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp so | ||
| CVE-2021-47592 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress | ||
| CVE-2021-47591 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for | ||
| CVE-2021-47590 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. If such call hits mptcp_sockopt_sync_all() then subsequently __mptcp_sockopt_ | ||
| CVE-2021-47589 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore |
- CVE-2021-47609Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: firmware: arm_scpi: Fix string overflow in SCPI genpd driver Without the bound checks for scpi_pd->name, it could result in the buffer overflow when copying the SCPI device name from the corresponding device tr
- CVE-2021-47608Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic fetch The change in commit 37086bfdc737 ("bpf: Propagate stack bounds to registers in atomics w/ BPF_FETCH") around check_mem_access() handling is buggy since this woul
- CVE-2021-47607Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val]
- CVE-2021-47606Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: net: netlink: af_netlink: Prevent empty skb by adding a check on len. Adding a check on len parameter to avoid empty skb. This prevents a division error in netem_enqueue function which is caused when skb->len=0
- CVE-2021-47605Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: vduse: fix memory corruption in vduse_dev_ioctl() The "config.offset" comes from the user. There needs to a check to prevent it being out of bounds. The "config.offset" and "dev->config_size" variables are bo
- CVE-2021-47604Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: vduse: check that offset is within bounds in get_config() This condition checks "len" but it does not check "offset" and that could result in an out of bounds read if "offset > dev->config_size". The problem is
- CVE-2021-47603Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the usersp
- CVE-2021-47602Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot repor
- CVE-2021-47601Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference.
- CVE-2021-47600Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().
- CVE-2021-47599Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: use latest_dev in btrfs_show_devname The test case btrfs/238 reports the warning below: WARNING: CPU: 3 PID: 481 at fs/btrfs/super.c:2509 btrfs_show_devname+0x104/0x1e8 [btrfs] CPU: 2 PID: 1 Comm: sys
- CVE-2021-47598Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D
- CVE-2021-47597Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of i
- CVE-2021-47596Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins
- CVE-2021-47595Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: sch_ets: don't remove idle classes from the round-robin list Shuang reported that the following script: 1) tc qdisc add dev ddd0 handle 10: parent 1: ets bands 8 strict 4 priomap 7 7 7 7 7 7 7 7 7
- CVE-2021-47593Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: clear 'kern' flag from fallback sockets The mptcp ULP extension relies on sk->sk_sock_kern being set correctly: It prevents setsockopt(fd, IPPROTO_TCP, TCP_ULP, "mptcp", 6); from working for plain tcp so
- CVE-2021-47592Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress
- CVE-2021-47591Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: remove tcp ulp setsockopt support TCP_ULP setsockopt cannot be used for mptcp because its already used internally to plumb subflow (tcp) sockets to the mptcp layer. syzbot managed to trigger a crash for
- CVE-2021-47590Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix deadlock in __mptcp_push_pending() __mptcp_push_pending() may call mptcp_flush_join_list() with subflow socket lock held. If such call hits mptcp_sockopt_sync_all() then subsequently __mptcp_sockopt_
- CVE-2021-47589Jun 19, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore
Page 33 of 47