VYPR

rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Module for Public Cloud 15 SP5

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP5

Vulnerabilities (2,432)

  • CVE-2024-39469Jun 25, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix nilfs_empty_dir() misjudgment and long loop on I/O errors The error handling in nilfs_empty_dir() when a directory folio/page read fails is incorrect, as in the old ext2 implementation, and if the f

  • CVE-2024-39463Jun 25, 2024
    affected < 5.14.21-150500.33.63.1fixed 5.14.21-150500.33.63.1

    In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: add

  • CVE-2024-39371Jun 25, 2024
    affected < 5.14.21-150500.33.63.1fixed 5.14.21-150500.33.63.1

    In the Linux kernel, the following vulnerability has been resolved: io_uring: check for non-NULL file pointer in io_file_can_poll() In earlier kernels, it was possible to trigger a NULL pointer dereference off the forced async preparation path, if no file had been assigned. The

  • CVE-2024-39301Jun 25, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit

  • CVE-2024-39276Jun 25, 2024
    affected < 5.14.21-150500.33.63.1fixed 5.14.21-150500.33.63.1

    In the Linux kernel, the following vulnerability has been resolved: ext4: fix mb_cache_entry's e_refcnt leak in ext4_xattr_block_cache_find() Syzbot reports a warning as follows: ============================================ WARNING: CPU: 0 PID: 5075 at fs/mbcache.c:419 mb_cach

  • CVE-2024-38661Jun 25, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d

  • CVE-2024-37354Jun 25, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new

  • CVE-2024-37078Jun 25, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential kernel bug due to lack of writeback flag waiting Destructive writes to a block device on which nilfs2 is mounted can cause a kernel bug in the folio/page writeback start routine or writeba

  • CVE-2022-48772Jun 25, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup

  • CVE-2024-37021Jun 24, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take

  • CVE-2024-36479Jun 24, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t

  • CVE-2024-35247Jun 24, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t

  • CVE-2024-38780MedJun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_ir

  • CVE-2024-38662MedJun 21, 2024
    affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_d

  • CVE-2024-36288MedJun 21, 2024
    affected < 5.14.21-150500.33.63.1fixed 5.14.21-150500.33.63.1

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x

  • CVE-2024-36477Jun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: tpm_tis_spi: Account for SPI header when allocating TPM SPI xfer buffer The TPM SPI transfer mechanism uses MAX_SPI_FRAMESIZE for computing the maximum transfer length and the size of the transfer buffer. As su

  • CVE-2024-38659HigJun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA

  • CVE-2024-38635HigJun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: soundwire: cadence: fix invalid PDI offset For some reason, we add an offset to the PDI, presumably to skip the PDI0 and PDI1 which are reserved for BPT. This code is however completely wrong and leads to an o

  • CVE-2024-38381HigJun 21, 2024
    affected < 5.14.21-150500.33.60.1fixed 5.14.21-150500.33.60.1

    In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and

  • CVE-2024-36489MedJun 21, 2024
    affected < 5.14.21-150500.33.66.1fixed 5.14.21-150500.33.66.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix missing memory barrier in tls_init In tls_init(), a write memory barrier is missing, and store-store reordering may cause NULL dereference in tls_{setsockopt,getsockopt}. CPU0

Page 48 of 122