rpm package
opensuse/kernel-syms&distro=openSUSE Leap 15.5
pkg:rpm/opensuse/kernel-syms&distro=openSUSE%20Leap%2015.5
Vulnerabilities (1,895)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42238 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Aug 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and | ||
| CVE-2024-42237 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Aug 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a | ||
| CVE-2024-42236 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Aug 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str | ||
| CVE-2024-42232 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Aug 7, 2024 | In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re | ||
| CVE-2024-42114 | Med | 4.4 | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_ | |
| CVE-2024-42230 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv i | ||
| CVE-2024-42229 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish t | ||
| CVE-2024-42228 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually | ||
| CVE-2024-42225 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data | ||
| CVE-2024-42224 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_ent | ||
| CVE-2024-42223 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations. | ||
| CVE-2024-42162 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid acces | ||
| CVE-2024-42161 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_RE | ||
| CVE-2024-42158 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_ | ||
| CVE-2024-42157 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. | ||
| CVE-2024-42156 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key. | ||
| CVE-2024-42155 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copi | ||
| CVE-2024-42152 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler | ||
| CVE-2024-42148 | — | < 5.14.21-150500.55.80.1 | 5.14.21-150500.55.80.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equ | ||
| CVE-2024-42145 | — | < 5.14.21-150500.55.73.1 | 5.14.21-150500.55.73.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra |
- CVE-2024-42238Aug 7, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Return error if block header overflows file Return an error from cs_dsp_power_up() if a block header is longer than the amount of data left in the file. The previous code in cs_dsp_load() and
- CVE-2024-42237Aug 7, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: firmware: cs_dsp: Validate payload length before processing block Move the payload length check in cs_dsp_load() and cs_dsp_coeff_load() to be done before the block is processed. The check that the length of a
- CVE-2024-42236Aug 7, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: configfs: Prevent OOB read/write in usb_string_copy() Userspace provided string 's' could trivially have the length zero. Left unchecked this will firstly result in an OOB read in the form `if (str
- CVE-2024-42232Aug 7, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: libceph: fix race between delayed_work() and ceph_monc_stop() The way the delayed work is handled in ceph_monc_stop() is prone to races with mon_fault() and possibly also finish_hunting(). Both of these can re
- affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: restrict NL80211_ATTR_TXQ_QUANTUM values syzbot is able to trigger softlockups, setting NL80211_ATTR_TXQ_QUANTUM to 2^31. We had a similar issue in sch_fq, fixed with commit d9e15a273306 ("pkt_
- CVE-2024-42230Jul 30, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix scv instruction crash with kexec kexec on pseries disables AIL (reloc_on_exc), required for scv instruction support, before other CPUs have been shut down. This means they can execute scv i
- CVE-2024-42229Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish t
- CVE-2024-42228Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually
- CVE-2024-42225Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: replace skb_put with skb_put_zero Avoid potentially reusing uninitialized data
- CVE-2024-42224Jul 30, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_ent
- CVE-2024-42223Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations.
- CVE-2024-42162Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid acces
- CVE-2024-42161Jul 30, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Avoid uninitialized value in BPF_CORE_READ_BITFIELD [Changes from V1: - Use a default branch in the switch statement to initialize `val'.] GCC warns that `val' may be used uninitialized in the BPF_CRE_RE
- CVE-2024-42158Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_
- CVE-2024-42157Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.
- CVE-2024-42156Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of clear-key structures on failure Wipe all sensitive data from stack for all IOCTLs, which convert a clear-key into a protected- or secure-key.
- CVE-2024-42155Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copi
- CVE-2024-42152Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix a possible leak when destroy a ctrl during qp establishment In nvmet_sq_destroy we capture sq->ctrl early and if it is non-NULL we know that a ctrl was allocated (in the admin connect request handler
- CVE-2024-42148Jul 30, 2024affected < 5.14.21-150500.55.80.1fixed 5.14.21-150500.55.80.1
In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equ
- CVE-2024-42145Jul 30, 2024affected < 5.14.21-150500.55.73.1fixed 5.14.21-150500.55.73.1
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
Page 9 of 95