rpm package
opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed
Vulnerabilities (694)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50263 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to dupl | ||
| CVE-2024-50262 | Hig | 7.8 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths | |
| CVE-2024-50251 | Med | 6.2 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally | |
| CVE-2024-50246 | Hig | 7.8 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check | |
| CVE-2024-50261 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadata_dst, which is used to store the SCI value for macsec offload, is already freed by metadata_dst_free() | ||
| CVE-2024-50260 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog(): mutex_loc | ||
| CVE-2024-50259 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further | ||
| CVE-2024-50258 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk | ||
| CVE-2024-50257 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in get_info() ip6table_nat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80 Modules linked in: ip | ||
| CVE-2024-50256 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt | ||
| CVE-2024-50255 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it | ||
| CVE-2024-50254 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whether the bits are dynamically allocated. However, the check is incorrect and may cau | ||
| CVE-2024-50253 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits (e.g., when nr_words = 0x040 | ||
| CVE-2024-50252 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote addr | ||
| CVE-2024-50250 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len p | ||
| CVE-2024-50249 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock The following BUG was triggered: ============================= [ BUG: Invalid wait context ] 6.12.0-rc2-XXX #406 Not tainted ----------------------------- kworker/1:1/ | ||
| CVE-2024-50248 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that every attr don't stray beyond valid memory region. | ||
| CVE-2024-50247 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off. | ||
| CVE-2024-50245 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in mi_read Mutex lock with another subclass used in ni_lock_dir(). | ||
| CVE-2024-50244 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ni_clear() Checking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to uninitialized bitmap during replay process. |
- CVE-2024-50263Nov 11, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: fork: only invoke khugepaged, ksm hooks if no error There is no reason to invoke these hooks early against an mm that is in an incomplete state. The change in commit d24062914837 ("fork: use __mt_dup() to dupl
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_payload: sanitize offset and length before calling skb_checksum() If access to offset + length is larger than the skbuff length, then skb_checksum() triggers BUG_ON(). skb_checksum() internally
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Add rough attr alloc_size check
- CVE-2024-50261Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadata_dst, which is used to store the SCI value for macsec offload, is already freed by metadata_dst_free()
- CVE-2024-50260Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: sock_map: fix a NULL pointer dereference in sock_map_link_update_prog() The following race condition could trigger a NULL pointer dereference: sock_map_link_detach(): sock_map_link_update_prog(): mutex_loc
- CVE-2024-50259Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further
- CVE-2024-50258Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net: fix crash when config small gso_max_size/gso_ipv4_max_size Config a small gso_max_size/gso_ipv4_max_size will lead to an underflow in sk_dst_gso_max_size(), which may trigger a BUG_ON crash, because sk->sk
- CVE-2024-50257Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: Fix use-after-free in get_info() ip6table_nat module unload has refcnt warning for UAF. call trace is: WARNING: CPU: 1 PID: 379 at kernel/module/main.c:853 module_put+0x6f/0x80 Modules linked in: ip
- CVE-2024-50256Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt
- CVE-2024-50255Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it
- CVE-2024-50254Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Free dynamically allocated bits in bpf_iter_bits_destroy() bpf_iter_bits_destroy() uses "kit->nr_bits <= 64" to check whether the bits are dynamically allocated. However, the check is incorrect and may cau
- CVE-2024-50253Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check the validity of nr_words in bpf_iter_bits_new() Check the validity of nr_words in bpf_iter_bits_new(). Without this check, when multiplication overflow occurs for nr_bits (e.g., when nr_words = 0x040
- CVE-2024-50252Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrum_ipip: Fix memory leak when changing remote IPv6 address The device stores IPv6 addresses that are used for encapsulation in linear memory that is managed by the driver. Changing the remote addr
- CVE-2024-50250Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: fsdax: dax_unshare_iter needs to copy entire blocks The code that copies data from srcmap to iomap in dax_unshare_iter is very very broken, which bfoster's recent fsx changes have exposed. If the pos and len p
- CVE-2024-50249Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock The following BUG was triggered: ============================= [ BUG: Invalid wait context ] 6.12.0-rc2-XXX #406 Not tainted ----------------------------- kworker/1:1/
- CVE-2024-50248Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: ntfs3: Add bounds checking to mi_enum_attr() Added bounds checking to make sure that every attr don't stray beyond valid memory region.
- CVE-2024-50247Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Check if more than chunk-size bytes are written A incorrectly formatted chunk may decompress into more than LZNT_CHUNK_SIZE bytes and a index out of bounds will occur in s_max_off.
- CVE-2024-50245Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix possible deadlock in mi_read Mutex lock with another subclass used in ni_lock_dir().
- CVE-2024-50244Nov 9, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Additional check in ni_clear() Checking of NTFS_FLAGS_LOG_REPLAYING added to prevent access to uninitialized bitmap during replay process.
Page 11 of 35