rpm package
suse/kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5
Vulnerabilities (2,432)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-43853 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgro | ||
| CVE-2024-43849 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of tho | ||
| CVE-2024-43846 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation | ||
| CVE-2024-43842 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() In rtw89_sta_info_get_iter() 'status->he_gi' is compared to array size. But then 'rate->he_gi' is used as array index instead of 'status->he_gi' | ||
| CVE-2024-43841 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the wa | ||
| CVE-2024-43839 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 ch | ||
| CVE-2024-43837 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be null. At this time, calling | ||
| CVE-2024-43831 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use. | ||
| CVE-2024-43829 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference. | ||
| CVE-2024-43823 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and | ||
| CVE-2024-43821 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functi | ||
| CVE-2024-43819 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontr | ||
| CVE-2024-43818 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no such device, ACPI table error, reference count drop to 0, etc). Existing check | ||
| CVE-2024-43817 | — | < 5.14.21-150500.33.75.1 | 5.14.21-150500.33.75.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SK | ||
| CVE-2024-43816 | — | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned. In l | ||
| CVE-2024-42312 | Med | 5.5 | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of | |
| CVE-2024-42306 | Med | 5.5 | < 5.14.21-150500.33.69.1 | 5.14.21-150500.33.69.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation fr | |
| CVE-2024-42305 | Med | 5.5 | < 5.14.21-150500.33.69.1 | 5.14.21-150500.33.69.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports a issue as follows: ============================================ BUG: unable to handle page fault for address: ffffed11022e24fe PGD | |
| CVE-2024-42304 | Med | 5.5 | < 5.14.21-150500.33.69.1 | 5.14.21-150500.33.69.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creati | |
| CVE-2024-42302 | Hig | 7.8 | < 5.14.21-150500.33.66.1 | 5.14.21-150500.33.66.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits r |
- CVE-2024-43853Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: cgroup/cpuset: Prevent UAF in proc_cpuset_show() An UAF can happen when /proc/cpuset is read as reported in [1]. This can be reproduced by the following methods: 1.add an mdelay(1000) before acquiring the cgro
- CVE-2024-43849Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: soc: qcom: pdr: protect locator_addr with the main mutex If the service locator server is restarted fast enough, the PDR can rewrite locator_addr fields concurrently. Protect them by placing modification of tho
- CVE-2024-43846Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: lib: objagg: Fix general protection fault The library supports aggregation of objects into other objects only if the parent object does not have a parent itself. That is, nesting is not supported. Aggregation
- CVE-2024-43842Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: wifi: rtw89: Fix array index mistake in rtw89_sta_info_get_iter() In rtw89_sta_info_get_iter() 'status->he_gi' is compared to array size. But then 'rate->he_gi' is used as array index instead of 'status->he_gi'
- CVE-2024-43841Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: wifi: virt_wifi: avoid reporting connection success with wrong SSID When user issues a connection with a different SSID than the one virt_wifi has advertised, the __cfg80211_connect_result() will trigger the wa
- CVE-2024-43839Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: bna: adjust 'name' buf size of bna_tcb and bna_ccb structures To have enough space to write all possible sprintf() args. Currently 'name' size is 16, but the first '%s' specifier may already need at least 16 ch
- CVE-2024-43837Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix null pointer dereference in resolve_prog_type() for BPF_PROG_TYPE_EXT When loading a EXT program without specifying `attr->attach_prog_fd`, the `prog->aux->dst_prog` will be null. At this time, calling
- CVE-2024-43831Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Handle invalid decoder vsi Handle an invalid decoder vsi in vpu_dec_init to ensure the decoder vsi is valid for future use.
- CVE-2024-43829Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: drm/qxl: Add check for drm_cvt_mode Add check for the return value of drm_cvt_mode() and return the error if it fails in order to avoid NULL pointer dereference.
- CVE-2024-43823Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: PCI: keystone: Fix NULL pointer dereference in case of DT error in ks_pcie_setup_rc_app_regs() If IORESOURCE_MEM is not provided in Device Tree due to any error, resource_list_first_type() will return NULL and
- CVE-2024-43821Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix a possible null pointer dereference In function lpfc_xcvr_data_show, the memory allocation with kmalloc might fail, thereby making rdp_context a null pointer. In the following context and functi
- CVE-2024-43819Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: kvm: s390: Reject memory region operations for ucontrol VMs This change rejects the KVM_SET_USER_MEMORY_REGION and KVM_SET_USER_MEMORY_REGION2 ioctls when called on a ucontrol VM. This is necessary since ucontr
- CVE-2024-43818Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: Adjust error handling in case of absent codec device acpi_get_first_physical_node() can return NULL in several cases (no such device, ACPI table error, reference count drop to 0, etc). Existing check
- CVE-2024-43817Aug 17, 2024affected < 5.14.21-150500.33.75.1fixed 5.14.21-150500.33.75.1
In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SK
- CVE-2024-43816Aug 17, 2024affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Revise lpfc_prep_embed_io routine with proper endian macro usages On big endian architectures, it is possible to run into a memory out of bounds pointer dereference when FCP targets are zoned. In l
- affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: sysctl: always initialize i_uid/i_gid Always initialize i_uid/i_gid inside the sysfs core so set_ownership() can safely skip setting them. Commit 5ec27ec735ba ("fs/proc/proc_sysctl.c: fix the default values of
- affected < 5.14.21-150500.33.69.1fixed 5.14.21-150500.33.69.1
In the Linux kernel, the following vulnerability has been resolved: udf: Avoid using corrupted block bitmap buffer When the filesystem block bitmap is corrupted, we detect the corruption while loading the bitmap and fail the allocation with error. However the next allocation fr
- affected < 5.14.21-150500.33.69.1fixed 5.14.21-150500.33.69.1
In the Linux kernel, the following vulnerability has been resolved: ext4: check dot and dotdot of dx_root before making dir indexed Syzbot reports a issue as follows: ============================================ BUG: unable to handle page fault for address: ffffed11022e24fe PGD
- affected < 5.14.21-150500.33.69.1fixed 5.14.21-150500.33.69.1
In the Linux kernel, the following vulnerability has been resolved: ext4: make sure the first directory block is not a hole The syzbot constructs a directory that has no dirblock but is non-inline, i.e. the first directory block is a hole. And no errors are reported when creati
- affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1
In the Linux kernel, the following vulnerability has been resolved: PCI/DPC: Fix use-after-free on concurrent DPC and hot-removal Keith reports a use-after-free when a DPC event occurs concurrently to hot-removal of the same portion of the hierarchy: The dpc_handler() awaits r
Page 31 of 122