VYPR

rpm package

suse/kernel-azure&distro=SUSE Linux Enterprise Server 12 SP5

pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5

Vulnerabilities (1,481)

  • CVE-2024-35984MedMay 20, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: i2c: smbus: fix NULL function pointer dereference Baruch reported an OOPS when using the designware controller as target only. Target-only modes break the assumption of one transfer function always being availa

  • CVE-2024-35982MedMay 20, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: batman-adv: Avoid infinite loop trying to resize local TT If the MTU of one of an attached interface becomes too small to transmit the local translation table then it must be resized to fit inside all fragments

  • CVE-2024-35979HigMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: raid1: fix use-after-free for original bio in raid1_write_request() r1_bio->bios[] is used to record new bios that will be issued to underlying disks, however, in raid1_write_request(), r1_bio->bios[] will set

  • CVE-2024-35978MedMay 20, 2024
    affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix memory leak in hci_req_sync_complete() In 'hci_req_sync_complete()', always free the previous sync request state before assigning reference to a new one.

  • CVE-2024-35976MedMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: xsk: validate user input for XDP_{UMEM|COMPLETION}_FILL_RING syzbot reported an illegal copy in xsk_setsockopt() [1] Make sure to validate setsockopt() @optlen parameter. [1] BUG: KASAN: slab-out-of-bounds

  • CVE-2024-35969MedMay 20, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: fix race condition between ipv6_get_ifaddr and ipv6_del_addr Although ipv6_get_ifaddr walks inet6_addr_lst under the RCU lock, it still means hlist_for_each_entry_rcu can return an item that got removed f

  • CVE-2024-35967HigMay 20, 2024
    affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix not validating setsockopt user input syzbot reported sco_sock_setsockopt() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_offset inc

  • CVE-2024-35966HigMay 20, 2024
    affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: RFCOMM: Fix not validating setsockopt user input syzbot reported rfcomm_sock_setsockopt_old() is copying data without checking user input length. BUG: KASAN: slab-out-of-bounds in copy_from_sockptr_

  • CVE-2024-35965HigMay 20, 2024
    affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix not validating setsockopt user input Check user input length before copying data.

  • CVE-2024-35962MedMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functi

  • CVE-2024-35960CriMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle t

  • CVE-2024-35958MedMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by

  • CVE-2024-35956MedMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to

  • CVE-2024-35955HigMay 20, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: kprobes: Fix possible use-after-free issue on kprobe registration When unloading a module, its state is changing MODULE_STATE_LIVE -> MODULE_STATE_GOING -> MODULE_STATE_UNFORMED. Each change will take a time.

  • CVE-2024-35950MedMay 20, 2024
    affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1

    In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo

  • CVE-2024-35949HigMay 20, 2024
    affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if

  • CVE-2024-35947MedMay 19, 2024
    affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1

    In the Linux kernel, the following vulnerability has been resolved: dyndbg: fix old BUG_ON in >control parser Fix a BUG_ON from 2009. Even if it looks "unreachable" (I didn't really look), lets make sure by removing it, doing pr_err and return -EINVAL instead.

  • CVE-2024-35944MedMay 19, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix memcpy() run-time warning in dg_dispatch_as_host() Syzkaller hit 'WARNING in dg_dispatch_as_host' bug. memcpy: detected field-spanning write (size 56) of single field "&dg_info->msg" at drivers/misc/

  • CVE-2024-35936MedMay 19, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: handle chunk tree lookup error in btrfs_relocate_sys_chunks() The unhandled case in btrfs_relocate_sys_chunks() loop is a corruption, as it could be caused only by two impossible conditions: - at first

  • CVE-2024-35935LowMay 19, 2024
    affected < 4.12.14-16.188.1fixed 4.12.14-16.188.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: send: handle path ref underflow in header iterate_inode_ref() Change BUG_ON to proper error handling if building the path buffer fails. The pointers are not printed so we don't accidentally leak kernel a

Page 26 of 75