rpm package
suse/kernel-coco&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
pkg:rpm/suse/kernel-coco&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6
Vulnerabilities (2,052)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-50006 | Med | 4.7 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates | |
| CVE-2024-50017 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/mm/ident_map: Use gbpages only where full GB page should be mapped. When ident_pud_init() uses only GB pages to create identity maps, large ranges of addresses not actually requested can be included in the | ||
| CVE-2024-50014 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to | ||
| CVE-2024-50013 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak. | ||
| CVE-2024-50009 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error. Found by Linux Verification Center (linuxtesti | ||
| CVE-2024-50004 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system h | ||
| CVE-2024-50003 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during t | ||
| CVE-2024-50001 | Med | 5.5 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This cou | |
| CVE-2024-49996 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseData | |
| CVE-2024-49991 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set | |
| CVE-2024-49989 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double | |
| CVE-2024-49986 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it should not be used after calling x86_android_tablet_remove() | |
| CVE-2024-49973 | Med | 5.5 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated m | |
| CVE-2024-49966 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the foll | |
| CVE-2024-49960 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We shou | |
| CVE-2024-49955 | Med | 5.5 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook | |
| CVE-2024-49952 | Med | 5.5 | < 6.4.0-15061.12.coco15sp6.1 | 6.4.0-15061.12.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted b | |
| CVE-2024-49950 | Hig | 7.8 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by | |
| CVE-2024-49949 | Med | 5.5 | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect mal | |
| CVE-2024-49948 | Med | 5.5 | < 6.4.0-15061.15.coco15sp6.1 | 6.4.0-15061.15.coco15sp6.1 | Oct 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure |
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix i_data_sem unlock order in ext4_ind_migrate() Fuzzing reports a possible deadlock in jbd2_log_wait_commit. This issue is triggered when an EXT4_IOC_MIGRATE ioctl is set to require synchronous updates
- CVE-2024-50017Oct 21, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: x86/mm/ident_map: Use gbpages only where full GB page should be mapped. When ident_pud_init() uses only GB pages to create identity maps, large ranges of addresses not actually requested can be included in the
- CVE-2024-50014Oct 21, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix access to uninitialised lock in fc replay path The following kernel trace can be triggered with fstest generic/629 when executed against a filesystem with fast-commit feature enabled: INFO: trying to
- CVE-2024-50013Oct 21, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix memory leak in exfat_load_bitmap() If the first directory entry in the root directory is not a bitmap directory entry, 'bh' will not be released and reassigned, which will cause a memory leak.
- CVE-2024-50009Oct 21, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return in case of error. Found by Linux Verification Center (linuxtesti
- CVE-2024-50004Oct 21, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system h
- CVE-2024-50003Oct 21, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during t
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This cou
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: cifs: Fix buffer overflow when parsing NFS reparse points ReparseDataLength is sum of the InodeType size and DataBuffer size. So to get DataBuffer size it is needed to subtract InodeType's size from ReparseData
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: amdkfd_free_gtt_mem clear the correct pointer Pass pointer reference to amdgpu_bo_unref to clear the correct pointer, otherwise amdgpu_bo_unref clear the local variable, the original pointer not set
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: fix double free issue during amdgpu module unload Flexible endpoints use DIGs from available inflexible endpoints, so only the encoders of inflexible links need to be freed. Otherwise, a double
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86: x86-android-tablets: Fix use after free on platform_device_register() errors x86_android_tablet_remove() frees the pdevs[] array, so it should not be used after calling x86_android_tablet_remove()
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated m
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: cancel dqi_sync_work before freeing oinfo ocfs2_global_read_info() will initialize and schedule dqi_sync_work at the end, if error occurs after successfully reading global quota, it will trigger the foll
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix timer use-after-free on failed mount Syzbot has found an ODEBUG bug in ext4_fill_super The del_timer_sync function cancels the s_err_report timer, which reminds about filesystem errors daily. We shou
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook
- affected < 6.4.0-15061.12.coco15sp6.1fixed 6.4.0-15061.12.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted b
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: L2CAP: Fix uaf in l2cap_connect [Syzbot reported] BUG: KASAN: slab-use-after-free in l2cap_connect.constprop.0+0x10d8/0x1270 net/bluetooth/l2cap_core.c:3949 Read of size 8 at addr ffff8880241e9800 by
- affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect mal
- affected < 6.4.0-15061.15.coco15sp6.1fixed 6.4.0-15061.15.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net: add more sanity checks to qdisc_pkt_len_init() One path takes care of SKB_GSO_DODGY, assuming skb->len is bigger than hdr_len. virtio_net_hdr_to_skb() does not fully dissect TCP headers, it only make sure
Page 79 of 103