rpm package
suse/kernel-azure&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP5
pkg:rpm/suse/kernel-azure&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5
Vulnerabilities (1,481)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-39489 | Med | 5.5 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jul 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_e | |
| CVE-2024-39490 | — | < 4.12.14-16.194.1 | 4.12.14-16.194.1 | Jul 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_ | ||
| CVE-2024-39488 | — | < 4.12.14-16.194.1 | 4.12.14-16.194.1 | Jul 10, 2024 | In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to bug_table entries, and as a result the last entry in a bug table will be ignored, | ||
| CVE-2024-39487 | — | < 4.12.14-16.194.1 | 4.12.14-16.194.1 | Jul 9, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string, | ||
| CVE-2024-39475 | — | < 4.12.14-16.194.1 | 4.12.14-16.194.1 | Jul 5, 2024 | In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However th | ||
| CVE-2023-52340 | — | < 4.12.14-16.173.1 | 4.12.14-16.173.1 | Jul 5, 2024 | The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. | ||
| CVE-2024-39301 | — | < 4.12.14-16.194.1 | 4.12.14-16.194.1 | Jun 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit | ||
| CVE-2024-38661 | — | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d | ||
| CVE-2024-37354 | — | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new | ||
| CVE-2022-48772 | — | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup | ||
| CVE-2021-4440 | — | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the I | ||
| CVE-2024-37021 | — | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take | ||
| CVE-2024-36479 | — | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t | ||
| CVE-2024-35247 | — | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t | ||
| CVE-2024-38780 | Med | 5.5 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_ir | |
| CVE-2024-38662 | Med | 4.7 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_d | |
| CVE-2024-36288 | Med | 5.5 | < 4.12.14-16.194.1 | 4.12.14-16.194.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x | |
| CVE-2024-38659 | Hig | 7.1 | < 4.12.14-16.191.1 | 4.12.14-16.191.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA | |
| CVE-2024-38381 | Hig | 7.1 | < 4.12.14-16.200.1 | 4.12.14-16.200.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and | |
| CVE-2024-36286 | Med | 5.5 | < 4.12.14-16.197.1 | 4.12.14-16.197.1 | Jun 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206 |
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix memleak in seg6_hmac_init_algo seg6_hmac_init_algo returns without cleaning up the previous allocations if one fails, so it's going to leak all that memory and the crypto tfms. Update seg6_hmac_e
- CVE-2024-39490Jul 10, 2024affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix missing sk_buff release in seg6_input_core The seg6_input() function is responsible for adding the SRH into a packet, delegating the operation to the seg6_input_core(). This function uses the skb_
- CVE-2024-39488Jul 10, 2024affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: arm64: asm-bug: Add .align 2 to the end of __BUG_ENTRY When CONFIG_DEBUG_BUGVERBOSE=n, we fail to add necessary padding bytes to bug_table entries, and as a result the last entry in a bug table will be ignored,
- CVE-2024-39487Jul 9, 2024affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: bonding: Fix out-of-bounds read in bond_option_arp_ip_targets_set() In function bond_option_arp_ip_targets_set(), if newval->string is an empty string, newval->string+1 will point to the byte after the string,
- CVE-2024-39475Jul 5, 2024affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: fbdev: savage: Handle err return when savagefb_check_var failed The commit 04e5eac8f3ab("fbdev: savage: Error out if pixclock equals zero") checks the value of pixclock to avoid divide-by-zero error. However th
- CVE-2023-52340Jul 5, 2024affected < 4.12.14-16.173.1fixed 4.12.14-16.173.1
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
- CVE-2024-39301Jun 25, 2024affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: net/9p: fix uninit-value in p9_client_rpc() Syzbot with the help of KMSAN reported the following error: BUG: KMSAN: uninit-value in trace_9p_client_res include/trace/events/9p.h:146 [inline] BUG: KMSAN: uninit
- CVE-2024-38661Jun 25, 2024affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: s390/ap: Fix crash in AP internal function modify_bitmap() A system crash like this Failing address: 200000cb7df6f000 TEID: 200000cb7df6f403 Fault in home space mode while using kernel ASCE. AS:00000002d
- CVE-2024-37354Jun 25, 2024affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix crash on racing fsync and size-extending write into prealloc We have been seeing crashes on duplicate keys in btrfs_set_item_key_safe(): BTRFS critical (device vdb): slot 4 key (450 108 8192) new
- CVE-2022-48772Jun 25, 2024affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: media: lgdt3306a: Add a check against null-pointer-def The driver should check whether the client provides the platform_data. The following log reveals it: [ 29.610324] BUG: KASAN: null-ptr-deref in kmemdup
- CVE-2021-4440Jun 25, 2024affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the I
- CVE-2024-37021Jun 24, 2024affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take
- CVE-2024-36479Jun 24, 2024affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: fpga: bridge: add owner module and take its refcount The current implementation of the fpga bridge assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t
- CVE-2024-35247Jun 24, 2024affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: fpga: region: add owner module and take its refcount The current implementation of the fpga region assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take t
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from sync_print_obj() Since commit a6aa8fca4d79 ("dma-buf/sw-sync: Reduce irqsave/irqrestore from known context") by error replaced spin_unlock_irqrestore() with spin_unlock_ir
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Allow delete from sockmap/sockhash only if update is allowed We have seen an influx of syzkaller reports where a BPF program attached to a tracepoint triggers a locking rule violation by performing a map_d
- affected < 4.12.14-16.194.1fixed 4.12.14-16.194.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix loop termination condition in gss_free_in_token_pages() The in_token->pages[] array is not NULL terminated. This results in the following KASAN splat: KASAN: maybe wild-memory-access in range [0x
- affected < 4.12.14-16.191.1fixed 4.12.14-16.191.1
In the Linux kernel, the following vulnerability has been resolved: enic: Validate length of nl attributes in enic_set_vf_port enic_set_vf_port assumes that the nl attribute IFLA_PORT_PROFILE is of length PORT_PROFILE_MAX and that the nl attributes IFLA_PORT_INSTANCE_UUID, IFLA
- affected < 4.12.14-16.200.1fixed 4.12.14-16.200.1
In the Linux kernel, the following vulnerability has been resolved: nfc: nci: Fix uninit-value in nci_rx_work syzbot reported the following uninit-value access issue [1] nci_rx_work() parses received packet from ndev->rx_q. It should be validated header size, payload size and
- affected < 4.12.14-16.197.1fixed 4.12.14-16.197.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nfnetlink_queue: acquire rcu_read_lock() in instance_destroy_rcu() syzbot reported that nf_reinject() could be called without rcu_read_lock() : WARNING: suspicious RCU usage 6.9.0-rc7-syzkaller-0206
Page 12 of 75