VYPR

rpm package

opensuse/kernel-rt_debug&distro=openSUSE Leap 15.5

pkg:rpm/opensuse/kernel-rt_debug&distro=openSUSE%20Leap%2015.5

Vulnerabilities (2,442)

  • CVE-2024-50186Nov 8, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: net: explicitly clear the sk pointer, when pf->create fails We have recently noticed the exact same KASAN splat as in commit 6cd4a78d962b ("net: do not leave a dangling sk pointer, when socket creation fails").

  • CVE-2024-50184Nov 8, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: virtio_pmem: Check device status before requesting flush If a pmem device is in a bad status, the driver side could wait for host ack forever in virtio_pmem_flush(), causing the system to hang. So add a status

  • CVE-2024-50183Nov 8, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Ensure DA_ID handling completion before deleting an NPIV instance Deleting an NPIV instance requires all fabric ndlps to be released before an NPIV's resources can be torn down. Failure to release

  • CVE-2024-50182Nov 8, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: secretmem: disable memfd_secret() if arch cannot set direct map Return -ENOSYS from memfd_secret() syscall if !can_set_direct_map(). This is the case for example on some arm64 configurations, where marking 4k

  • CVE-2024-50180Nov 8, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: sisfb: Fix strbuf array overflow The values of the variables xres and yres are placed in strbuf. These variables are obtained from strbuf1. The strbuf1 array contains digit characters and a space if the

  • CVE-2024-50179Nov 8, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: ceph: remove the incorrect Fw reference check when dirtying pages When doing the direct-io reads it will also try to mark pages dirty, but for the read path it won't hold the Fw caps and there is case will it g

  • CVE-2024-50153MedNov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: target: core: Fix null-ptr-deref in target_alloc_device() There is a null-ptr-deref issue reported by KASAN: BUG: KASAN: null-ptr-deref in target_alloc_device+0xbc4/0xbe0 [target_core_mod] ... kasan_rep

  • CVE-2024-50150HigNov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmode should keep reference to parent The altmode device release refers to its parent device, but without keeping a reference to it. When registering the altmode, get a reference to the parent an

  • CVE-2024-50148MedNov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: bnep: fix wild-memory-access in proto_unregister There's issue as follows: KASAN: maybe wild-memory-access in range [0xdead...108-0xdead...10f] CPU: 3 UID: 0 PID: 2805 Comm: rmmod Tainted: G

  • CVE-2024-50171Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: net: systemport: fix potential memory leak in bcm_sysport_xmit() The bcm_sysport_xmit() returns NETDEV_TX_OK without freeing skb in case of dma_map_single() fails, add dev_kfree_skb() to fix it.

  • CVE-2024-50167Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: be2net: fix potential memory leak in be_xmit() The be_xmit() returns NETDEV_TX_OK without freeing skb in case of be_xmit_enqueue() fails, add dev_kfree_skb_any() to fix it.

  • CVE-2024-50160Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: hda/cs8409: Fix possible NULL dereference If snd_hda_gen_add_kctl fails to allocate memory and returns NULL, then NULL pointer dereference will occur in the next line. Since dolphin_fixups function is a

  • CVE-2024-50156Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: drm/msm: Avoid NULL dereference in msm_disp_state_print_regs() If the allocation in msm_disp_state_dump_regs() failed then `block->state` can be NULL. The msm_disp_state_print_regs() function _does_ have code t

  • CVE-2024-50155Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: netdevsim: use cond_resched() in nsim_dev_trap_report_work() I am still seeing many syzbot reports hinting that syzbot might fool nsim_dev_trap_report_work() with hundreds of ports [1] Lets use cond_resched(),

  • CVE-2024-50154Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tc

  • CVE-2024-50147Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In additio

  • CVE-2024-50146Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not c

  • CVE-2024-50141Nov 7, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is f

  • CVE-2024-50134MedNov 5, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write

  • CVE-2024-50131HigNov 5, 2024
    affected < 5.14.21-150500.13.79.1fixed 5.14.21-150500.13.79.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no

Page 4 of 123