rpm package
opensuse/kernel-source&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed
Vulnerabilities (1,435)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50088 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL, | ||
| CVE-2024-50087 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corre | ||
| CVE-2024-50086 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SM | ||
| CVE-2024-50085 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm | ||
| CVE-2024-50084 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced belo | ||
| CVE-2024-50083 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ c | ||
| CVE-2024-50082 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: su | ||
| CVE-2024-50081 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx Commit 7b815817aa58 ("blk-mq: add helper for checking if one CPU is mapped to specified hctx") needs to check queue mapping via tag set in hctx's cpuhp han | ||
| CVE-2024-50080 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow | ||
| CVE-2024-50079 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work When the sqpoll is exiting and cancels pending work items, it may need to run task_work. If this happens from within io_uring_cancel_gen | ||
| CVE-2024-50078 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes inv | ||
| CVE-2024-50077 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init() returns early | ||
| CVE-2024-50076 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get() font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it is safes | ||
| CVE-2024-50075 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less | ||
| CVE-2024-50074 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size, | ||
| CVE-2024-50073 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0 | ||
| CVE-2024-50072 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU | ||
| CVE-2024-50071 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() 'new_map' is allocated using devm_* which takes care of freeing the allocated data on device removal, call to .dt_free_map = pinconf_g | ||
| CVE-2024-50070 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code rev | ||
| CVE-2024-50069 | — | < 6.11.8-1.1 | 6.11.8-1.1 | Oct 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code rev |
- CVE-2024-50088Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL,
- CVE-2024-50087Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corre
- CVE-2024-50086Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix user-after-free from session log off There is racy issue between smb2 session log off and smb2 session setup. It will cause user-after-free from session log off. This add session_lock when setting SM
- CVE-2024-50085Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm
- CVE-2024-50084Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: net: microchip: vcap api: Fix memory leaks in vcap_api_encode_rule_test() Commit a3c1e45156ad ("net: microchip: vcap: Fix use-after-free error in kunit test") fixed the use-after-free error, but introduced belo
- CVE-2024-50083Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: tcp: fix mptcp DSS corruption due to large pmtu xmit Syzkaller was able to trigger a DSS corruption: TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. ------------[ c
- CVE-2024-50082Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: blk-rq-qos: fix crash on rq_qos_wait vs. rq_qos_wake_function race We're seeing crashes from rq_qos_wake_function that look like this: BUG: unable to handle page fault for address: ffffafe180a40084 #PF: su
- CVE-2024-50081Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: blk-mq: setup queue ->tag_set before initializing hctx Commit 7b815817aa58 ("blk-mq: add helper for checking if one CPU is mapped to specified hctx") needs to check queue mapping via tag set in hctx's cpuhp han
- CVE-2024-50080Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: ublk: don't allow user copy for unprivileged device UBLK_F_USER_COPY requires userspace to call write() on ublk char device for filling request buffer, and unprivileged device can't be trusted. So don't allow
- CVE-2024-50079Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: io_uring/sqpoll: ensure task state is TASK_RUNNING when running task_work When the sqpoll is exiting and cancels pending work items, it may need to run task_work. If this happens from within io_uring_cancel_gen
- CVE-2024-50078Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Call iso_exit() on module unload If iso_init() has been called, iso_exit() must be called on module unload. Without that, the struct proto that iso_init() registered with proto_register() becomes inv
- CVE-2024-50077Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix multiple init when debugfs is disabled If bt_debugfs is not created successfully, which happens if either CONFIG_DEBUG_FS or CONFIG_DEBUG_FS_ALLOW_ALL is unset, then iso_init() returns early
- CVE-2024-50076Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: vt: prevent kernel-infoleak in con_font_get() font.data may not initialize all memory spaces depending on the implementation of vc->vc_sw->con_font_get. This may cause info-leak, so to prevent this, it is safes
- CVE-2024-50075Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: xhci: tegra: fix checked USB2 port number If USB virtualizatoin is enabled, USB2 ports are shared between all Virtual Functions. The USB2 port number owned by an USB2 root hub in a Virtual Function may be less
- CVE-2024-50074Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: parport: Proper fix for array out-of-bounds access The recent fix for array out-of-bounds accesses replaced sprintf() calls blindly with snprintf(). However, since snprintf() returns the would-be-printed size,
- CVE-2024-50073Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Fix use-after-free in gsm_cleanup_mux BUG: KASAN: slab-use-after-free in gsm_cleanup_mux+0x77b/0x7b0 drivers/tty/n_gsm.c:3160 [n_gsm] Read of size 8 at addr ffff88815fe99c00 by task poc/3379 CPU: 0
- CVE-2024-50072Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: x86/bugs: Use code segment selector for VERW operand Robert Gill reported below #GP in 32-bit mode when dosemu software was executing vm86() system call: general protection fault: 0000 [#1] PREEMPT SMP CPU
- CVE-2024-50071Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: nuvoton: fix a double free in ma35_pinctrl_dt_node_to_map_func() 'new_map' is allocated using devm_* which takes care of freeing the allocated data on device removal, call to .dt_free_map = pinconf_g
- CVE-2024-50070Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: stm32: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code rev
- CVE-2024-50069Oct 29, 2024affected < 6.11.8-1.1fixed 6.11.8-1.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: apple: check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. Found by code rev
Page 43 of 72