VYPR

rpm package

opensuse/kernel-source&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source&distro=openSUSE%20Tumbleweed

Vulnerabilities (1,435)

  • CVE-2024-49957Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix null-ptr-deref when journal load failed. During the mounting process, if journal_reset() fails because of too short journal, then lead to jbd2_journal_load() fails with NULL j_sb_buffer. Subsequentl

  • CVE-2024-49956Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: gfs2: fix double destroy_workqueue error When gfs2_fill_super() fails, destroy_workqueue() is called within gfs2_gl_hash_clear(), and the subsequent code path calls destroy_workqueue() on the same work queue ag

  • CVE-2024-49954Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: static_call: Replace pointless WARN_ON() in static_call_module_notify() static_call_module_notify() triggers a WARN_ON(), when memory allocation fails in __static_call_add_module(). That's not really justified

  • CVE-2024-49953Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix crash caused by calling __xfrm_state_delete() twice The km.state is not checked in driver's delayed work. When xfrm_state_check_expire() is called, the state can be reset to XFRM_STATE_EXPIRED, e

  • CVE-2024-49951Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Fix possible crash on mgmt_index_removed If mgmt_index_removed is called while there are commands queued on cmd_sync it could lead to crashes like the bellow trace: 0x0000053D: __list_del_entr

  • CVE-2024-49947Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: test for not too small csum_start in virtio_net_hdr_to_skb() syzbot was able to trigger this warning [1], after injecting a malicious packet through af_packet, setting skb->csum_start and thus the transpor

  • CVE-2024-49946Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: ppp: do not assume bh is held in ppp_channel_bridge_input() Networking receive path is usually handled from BH handler. However, some protocols need to acquire the socket lock, and packets might be stored in th

  • CVE-2024-49945Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/ncsi: Disable the ncsi work before freeing the associated structure The work function can run after the ncsi device is freed, resulting in use-after-free bugs or kernel panic.

  • CVE-2024-49943Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/guc_submit: add missing locking in wedged_fini Any non-wedged queue can have a zero refcount here and can be running concurrently with an async queue destroy, therefore dereferencing the queue ptr to che

  • CVE-2024-49942Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe: Prevent null pointer access in xe_migrate_copy xe_migrate_copy designed to copy content of TTM resources. When source resource is null, it will trigger a NULL pointer dereference in xe_migrate_copy. To

  • CVE-2024-49941Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: gpiolib: Fix potential NULL pointer dereference in gpiod_get_label() In `gpiod_get_label()`, it is possible that `srcu_dereference_check()` may return a NULL pointer, leading to a scenario where `label->str` is

  • CVE-2024-49940Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: l2tp: prevent possible tunnel refcount underflow When a session is created, it sets a backpointer to its tunnel. When the session refcount drops to 0, l2tp_session_free drops the tunnel refcount if session->tun

  • CVE-2024-49939Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: avoid to add interface to list twice when SER If SER L2 occurs during the WoWLAN resume flow, the add interface flow is triggered by ieee80211_reconfig(). However, due to rtw89_wow_resume() return

  • CVE-2024-49937Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: Set correct chandef when starting CAC When starting CAC in a mode other than AP mode, it return a "WARNING: CPU: 0 PID: 63 at cfg80211_chandef_dfs_usable+0x20/0xaf [cfg80211]" caused by the chan

  • CVE-2024-49936Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: net/xen-netback: prevent UAF in xenvif_flush_hash() During the list_for_each_entry_rcu iteration call of xenvif_flush_hash, kfree_rcu does not exist inside the rcu read critical section, so if kfree_rcu is call

  • CVE-2024-49935Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: ACPI: PAD: fix crash in exit_round_robin() The kernel occasionally crashes in cpumask_clear_cpu(), which is called within exit_round_robin(), because when executing clear_bit(nr, addr) with nr set to 0xffffffff

  • CVE-2024-49934Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: fs/inode: Prevent dump_mapping() accessing invalid dentry.d_name.name It's observed that a crash occurs during hot-remove a memory device, in which user is accessing the hugetlb. See calltrace as following: --

  • CVE-2024-49933Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: blk_iocost: fix more out of bound shifts Recently running UBSAN caught few out of bound shifts in the ioc_forgive_debts() function: UBSAN: shift-out-of-bounds in block/blk-iocost.c:2142:38 shift exponent 80 is

  • CVE-2024-49932Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: don't readahead the relocation inode on RST On relocation we're doing readahead on the relocation inode, but if the filesystem is backed by a RAID stripe tree we can get ENOENT (e.g. due to preallocated

  • CVE-2024-49931Oct 21, 2024
    affected < 6.11.8-1.1fixed 6.11.8-1.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: fix array out-of-bound access in SoC stats Currently, the ath12k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath12k_dp_rx_process() functi

Page 50 of 72