VYPR

rpm package

opensuse/kernel-source-longterm&distro=openSUSE Tumbleweed

pkg:rpm/opensuse/kernel-source-longterm&distro=openSUSE%20Tumbleweed

Vulnerabilities (694)

  • CVE-2024-49992Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/stm: Avoid use-after-free issues with crtc and plane ltdc_load() calls functions drm_crtc_init_with_planes(), drm_universal_plane_init() and drm_encoder_init(). These functions should not be called with par

  • CVE-2024-49990Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/xe/hdcp: Check GSC structure validity Sometimes xe_gsc is not initialized when checked at HDCP capability check. Add gsc structure check to avoid null pointer error.

  • CVE-2024-49988Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ksmbd: add refcnt to ksmbd_conn struct When sending an oplock break request, opinfo->conn is used, But freed ->conn can be used on multichannel. This patch add a reference count to the ksmbd_conn struct so that

  • CVE-2024-49987Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: bpftool: Fix undefined behavior in qsort(NULL, 0, ...) When netfilter has no entry to display, qsort is called with qsort(NULL, 0, ...). This results in undefined behavior, as UBSan reports: net.c:827:2: runti

  • CVE-2024-49985Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: i2c: stm32f7: Do not prepare/unprepare clock during runtime suspend/resume In case there is any sort of clock controller attached to this I2C bus controller, for example Versaclock or even an AIC32x4 I2C codec,

  • CVE-2024-49984Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Prevent out of bounds access in performance query extensions Check that the number of perfmons userspace is passing in the copy and reset extensions is not greater than the internal kernel storage wher

  • CVE-2024-49983Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: drop ppath from ext4_ext_replay_update_ex() to avoid double-free When calling ext4_force_split_extent_at() in ext4_ext_replay_update_ex(), the 'ppath' is updated but it is the 'path' that is freed, thus p

  • CVE-2024-49982Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: aoe: fix the potential use-after-free problem in more places For fixing CVE-2023-6270, f98364e92662 ("aoe: fix the potential use-after-free problem in aoecmd_cfg_pkts") makes tx() calling dev_put() instead of d

  • CVE-2024-49981Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free bug in venus_remove due to race condition in venus_probe, core->work is bound with venus_sys_error_handler, which is used to handle error. The code use core->sys_err_done to mak

  • CVE-2024-49980Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: vrf: revert "vrf: Remove unnecessary RCU-bh critical section" This reverts commit 504fc6f4f7f681d2a03aa5f68aad549d90eab853. dev_queue_xmit_nit is expected to be called with BH disabled. __dev_queue_xmit has th

  • CVE-2024-49979Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: net: gso: fix tcp fraglist segmentation after pull from frag_list Detect tcp gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can seg

  • CVE-2024-49978Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: gso: fix udp gso fraglist segmentation after pull from frag_list Detect gso fraglist skbs with corrupted geometry (see below) and pass these to skb_segment instead of skb_segment_list, as the first can segment

  • CVE-2024-49976Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: tracing/timerlat: Drop interface_lock in stop_kthread() stop_kthread() is the offline callback for "trace/osnoise:online", since commit 5bfbcd1ee57b ("tracing/timerlat: Add interface_lock around clearing of kth

  • CVE-2024-49975Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: uprobes: fix kernel info leak via "[uprobes]" vma xol_add_vma() maps the uninitialized page allocated by __create_xol_area() into userspace. On some architectures (x86) this memory is readable even without VM_R

  • CVE-2024-49974Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: NFSD: Limit the number of concurrent async COPY operations Nothing appears to limit the number of concurrent async COPY operations that clients can start. In addition, AFAICT each async COPY can copy an unlimit

  • CVE-2024-49972Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Deallocate DML memory if allocation fails [Why] When DC state create DML memory allocation fails, memory is not deallocated subsequently, resulting in uninitialized structure that is not NULL.

  • CVE-2024-49971Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Increase array size of dummy_boolean [WHY] dml2_core_shared_mode_support and dml_core_mode_support access the third element of dummy_boolean, i.e. hw_debug5 = &s->dummy_boolean[2], when dummy_b

  • CVE-2024-49970Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN401 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, correspon

  • CVE-2024-49969Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in DCN30 color transformation This commit addresses a potential index out of bounds issue in the `cm3_helper_translate_curve_to_hw_format` function in the DCN30 color ma

  • CVE-2024-49968Oct 21, 2024
    affected < 6.12.11-1.1fixed 6.12.11-1.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: filesystems without casefold feature cannot be mounted with siphash When mounting the ext4 filesystem, if the default hash version is set to DX_HASH_SIPHASH but the casefold feature is not set, exit the m

Page 25 of 35