rpm package
opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed
Vulnerabilities (694)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50117 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpst | ||
| CVE-2024-50116 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in | ||
| CVE-2024-50115 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc | ||
| CVE-2024-50114 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/ | ||
| CVE-2024-50113 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self ID sequence"), the enumeration over self ID sequence was refactored with some he | ||
| CVE-2024-50112 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper[1]. Unless Linear Address Space Separation (LASS) is enab | ||
| CVE-2024-50111 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause | ||
| CVE-2024-50110 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram | ||
| CVE-2024-50109 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while | ||
| CVE-2024-50108 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING [1] traces w | ||
| CVE-2024-50107 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve iounmap() address range checks") introduces a WARN when adrress ranges of iounmap are | ||
| CVE-2024-50106 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has exp | ||
| CVE-2024-50105 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") moved the allocation of Soundwire stream runtime from the Qua | ||
| CVE-2024-50104 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sdm845: add missing soundwire runtime stream alloc During the migration of Soundwire runtime stream allocation from the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845 soundcard | ||
| CVE-2024-50103 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred w | ||
| CVE-2024-50102 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether | ||
| CVE-2024-50101 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices. | ||
| CVE-2024-50100 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out | ||
| CVE-2024-50099 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes. Both functions were originally written for use with kpr | ||
| CVE-2024-50098 | — | < 6.12.11-1.1 | 6.12.11-1.1 | Nov 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down There is a history of deadlock if reboot is performed at the beginning of booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS shutdown, and at |
- CVE-2024-50117Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpst
- CVE-2024-50116Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in
- CVE-2024-50115Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc
- CVE-2024-50114Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Unregister redistributor for failed vCPU creation Alex reports that syzkaller has managed to trigger a use-after-free when tearing down a VM: BUG: KASAN: slab-use-after-free in kvm_put_kvm+0x300/
- CVE-2024-50113Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: firewire: core: fix invalid port index for parent device In a commit 24b7f8e5cd65 ("firewire: core: use helper functions for self ID sequence"), the enumeration over self ID sequence was refactored with some he
- CVE-2024-50112Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: x86/lam: Disable ADDRESS_MASKING in most cases Linear Address Masking (LAM) has a weakness related to transient execution as described in the SLAM paper[1]. Unless Linear Address Space Separation (LASS) is enab
- CVE-2024-50111Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: LoongArch: Enable IRQ if do_ale() triggered in irq-enabled context Unaligned access exception can be triggered in irq-enabled context such as user mode, in this case do_ale() may call get_user() which may cause
- CVE-2024-50110Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram
- CVE-2024-50109Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: md/raid10: fix null ptr dereference in raid10_size() In raid10_run() if raid10_set_queue_limits() succeed, the return value is set to zero, and if following procedures failed raid10_run() will return zero while
- CVE-2024-50108Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING [1] traces w
- CVE-2024-50107Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86/intel/pmc: Fix pmc_core_iounmap to call iounmap for valid addresses Commit 50c6dbdfd16e ("x86/ioremap: Improve iounmap() address range checks") introduces a WARN when adrress ranges of iounmap are
- CVE-2024-50106Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has exp
- CVE-2024-50105Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sc7280: Fix missing Soundwire runtime stream alloc Commit 15c7fab0e047 ("ASoC: qcom: Move Soundwire runtime stream alloc to soundcards") moved the allocation of Soundwire stream runtime from the Qua
- CVE-2024-50104Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: sdm845: add missing soundwire runtime stream alloc During the migration of Soundwire runtime stream allocation from the Qualcomm Soundwire controller to SoC's soundcard drivers the sdm845 soundcard
- CVE-2024-50103Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred w
- CVE-2024-50102Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether
- CVE-2024-50101Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices.
- CVE-2024-50100Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out
- CVE-2024-50099Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes. Both functions were originally written for use with kpr
- CVE-2024-50098Nov 5, 2024affected < 6.12.11-1.1fixed 6.12.11-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down There is a history of deadlock if reboot is performed at the beginning of booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS shutdown, and at
Page 18 of 35