VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2024-50154Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tc

  • CVE-2024-50152Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix possible double free in smb2_set_ea() Clang static checker(scan-build) warning: fs/smb/client/smb2ops.c:1304:2: Attempt to free released memory. 1304 | kfree(ea); | ^~~~~

  • CVE-2024-50149Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Don't free job in TDR Freeing job in TDR is not safe as TDR can pass the run_job thread resulting in UAF. It is only safe for free job to naturally be called by the scheduler. Rather free job in TDR, ad

  • CVE-2024-50147Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix command bitmask initialization Command bitmask have a dedicated bit for MANAGE_PAGES command, this bit isn't Initialize during command bitmask Initialization, only during MANAGE_PAGES. In additio

  • CVE-2024-50146Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Don't call cleanup on profile rollback failure When profile rollback fails in mlx5e_netdev_change_profile, the netdev profile var is left set to NULL. Avoid a crash when unloading the driver by not c

  • CVE-2024-50145Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: octeon_ep: Add SKB allocation failures handling in __octep_oq_process_rx() build_skb() returns NULL in case of a memory allocation failure so handle it inside __octep_oq_process_rx() to avoid NULL pointer deref

  • CVE-2024-50144Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: fix unbalanced rpm put() with fence_fini() Currently we can call fence_fini() twice if something goes wrong when sending the GuC CT for the tlb request, since we signal the fence and return an error, le

  • CVE-2024-50143Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: udf: fix uninit-value use in udf_get_fileshortad Check for overflow when computing alen in udf_current_aext to mitigate later uninit-value use in udf_get_fileshortad KMSAN bug[1]. After applying the patch repro

  • CVE-2024-50141Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: ACPI: PRM: Find EFI_MEMORY_RUNTIME block for PRM handler and context PRMT needs to find the correct type of block to translate the PA-VA mapping for EFI runtime services. The issue arises because the PRMT is f

  • CVE-2024-50140Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: sched/core: Disable page allocation in task_tick_mm_cid() With KASAN and PREEMPT_RT enabled, calling task_work_add() in task_tick_mm_cid() may cause the following splat. [ 63.696416] BUG: sleeping function c

  • CVE-2024-50139Nov 7, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix shift-out-of-bounds bug Fix a shift-out-of-bounds bug reported by UBSAN when running VM with MTE enabled host kernel. UBSAN: shift-out-of-bounds in arch/arm64/kvm/sys_regs.c:1988:14 shift expon

  • CVE-2024-50134MedNov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/vboxvideo: Replace fake VLA at end of vbva_mouse_pointer_shape with real VLA Replace the fake VLA at end of the vbva_mouse_pointer_shape shape with a real VLA to fix a "memcpy: detected field-spanning write

  • CVE-2024-50131HigNov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Consider the NULL character when validating the event length strlen() returns a string length excluding the null byte. If the string length equals to the maximum buffer length, the buffer will have no

  • CVE-2024-50127HigNov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->curre

  • CVE-2024-50121HigNov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net`

  • CVE-2024-50120MedNov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocatio

  • CVE-2024-50095MedNov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no.

  • CVE-2024-50138Nov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT

  • CVE-2024-50137Nov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. Add the

  • CVE-2024-50136Nov 5, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]---

Page 40 of 72