rpm package
opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed
Vulnerabilities (694)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50127 | Hig | 7.8 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->curre | |
| CVE-2024-50121 | Hig | 7.8 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net` | |
| CVE-2024-50120 | Med | 5.5 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocatio | |
| CVE-2024-50095 | Med | 5.5 | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no. | |
| CVE-2024-50138 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT | ||
| CVE-2024-50137 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. Add the | ||
| CVE-2024-50136 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]--- | ||
| CVE-2024-50135 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvme_dev_disable() nvme_dev_disable() modifies the dev->online_queues field, therefore nvme_pci_update_nr_queues() should avoid racing against it, otherwise we cou | ||
| CVE-2024-50133 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will derefence the NULL vdso poi | ||
| CVE-2024-50132 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limi | ||
| CVE-2024-50130 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpf_nf_link_release+0xda/0x | ||
| CVE-2024-50129 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures. The loop should not reach the index pcdev->nr_lines since we allocate exactly pcde | ||
| CVE-2024-50128 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. Exactly same bug cause as | ||
| CVE-2024-50126 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. Never seen on x86 but found on a KASAN-enabled arm6 | ||
| CVE-2024-50125 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list. | ||
| CVE-2024-50124 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list. | ||
| CVE-2024-50123 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link | ||
| CVE-2024-50122 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and host controller probe fu | ||
| CVE-2024-50119 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifs_io_request_pool' There's a issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Call Trace: <T | ||
| CVE-2024-50118 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 stat |
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->curre
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: cancel nfsd_shrinker_work using sync mode in nfs4_state_shutdown_net In the normal case, when we excute `echo 0 > /proc/fs/nfsd/threads`, the function `nfs4_state_destroy_net` in `nfs4_state_shutdown_net`
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Handle kstrdup failures for passwords In smb3_reconfigure(), after duplicating ctx->password and ctx->password2 with kstrdup(), we need to check for allocation failures. If ses->password allocatio
- affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/mad: Improve handling of timed out WRs of mad agent Current timeout handler of mad agent acquires/releases mad_agent_priv lock for every timed out WRs. This causes heavy locking contention when higher no.
- CVE-2024-50138Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Use raw_spinlock_t in ringbuf The function __bpf_ringbuf_reserve is invoked from a tracepoint, which disables preemption. Using spinlock_t in this context can lead to a "sleep in atomic" warning in the RT
- CVE-2024-50137Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: reset: starfive: jh71x0: Fix accessing the empty member on JH7110 SoC data->asserted will be NULL on JH7110 SoC since commit 82327b127d41 ("reset: starfive: Add StarFive JH7110 reset driver") was added. Add the
- CVE-2024-50136Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Unregister notifier on eswitch init failure It otherwise remains registered and a subsequent attempt at eswitch enabling might trigger warnings of the sort: [ 682.589148] ------------[ cut here ]---
- CVE-2024-50135Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: nvme-pci: fix race condition between reset and nvme_dev_disable() nvme_dev_disable() modifies the dev->online_queues field, therefore nvme_pci_update_nr_queues() should avoid racing against it, otherwise we cou
- CVE-2024-50133Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Don't crash in stack_top() for tasks without vDSO Not all tasks have a vDSO mapped, for example kthreads never do. If such a task ever ends up calling stack_top(), it will derefence the NULL vdso poi
- CVE-2024-50132Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: tracing/probes: Fix MAX_TRACE_ARGS limit handling When creating a trace_probe we would set nr_args prior to truncating the arguments to MAX_TRACE_ARGS. However, we would only initialize arguments up to the limi
- CVE-2024-50130Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: bpf: must hold reference on net namespace BUG: KASAN: slab-use-after-free in __nf_unregister_net_hook+0x640/0x6b0 Read of size 8 at addr ffff8880106fe400 by task repro/72= bpf_nf_link_release+0xda/0x
- CVE-2024-50129Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net: pse-pd: Fix out of bound for loop Adjust the loop limit to prevent out-of-bounds access when iterating over PI structures. The loop should not reach the index pcdev->nr_lines since we allocate exactly pcde
- CVE-2024-50128Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net: wwan: fix global oob in wwan_rtnl_policy The variable wwan_rtnl_link_ops assign a *bigger* maxtype which leads to a global out-of-bounds read when parsing the netlink attributes. Exactly same bug cause as
- CVE-2024-50126Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: net: sched: use RCU read-side critical section in taprio_dump() Fix possible use-after-free in 'taprio_dump()' by adding RCU read-side critical section there. Never seen on x86 but found on a KASAN-enabled arm6
- CVE-2024-50125Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list.
- CVE-2024-50124Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.
- CVE-2024-50123Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Add the missing BPF_LINK_TYPE invocation for sockmap There is an out-of-bounds read in bpf_link_show_fdinfo() for the sockmap link fd. Fix it by adding the missing BPF_LINK_TYPE invocation for sockmap link
- CVE-2024-50122Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: PCI: Hold rescan lock while adding devices during host probe Since adding the PCI power control code, we may end up with a race between the pwrctl platform device rescanning the bus and host controller probe fu
- CVE-2024-50119Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: cifs: fix warning when destroy 'cifs_io_request_pool' There's a issue as follows: WARNING: CPU: 1 PID: 27826 at mm/slub.c:4698 free_large_kmalloc+0xac/0xe0 RIP: 0010:free_large_kmalloc+0xac/0xe0 Call Trace: <T
- CVE-2024-50118Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: reject ro->rw reconfiguration if there are hard ro requirements [BUG] Syzbot reports the following crash: BTRFS info (device loop0 state MCS): disabling free space tree BTRFS info (device loop0 stat
Page 17 of 35