rpm package
suse/kernel-coco_debug&distro=SUSE Linux Enterprise Module for Confidential Computing Technical Preview 15 SP6
pkg:rpm/suse/kernel-coco_debug&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Confidential%20Computing%20Technical%20Preview%2015%20SP6
Vulnerabilities (2,052)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-44990 | Med | 5.5 | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer. | |
| CVE-2024-44989 | Med | 5.5 | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set | |
| CVE-2024-44987 | Hig | 7.8 | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has | |
| CVE-2024-44986 | Hig | 7.8 | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and | |
| CVE-2024-44977 | Hig | 7.8 | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442) | |
| CVE-2024-44974 | Hig | 7.8 | < 6.4.0-15061.18.coco15sp6.1 | 6.4.0-15061.18.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to | |
| CVE-2024-45008 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this p | ||
| CVE-2024-45007 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situa | ||
| CVE-2024-45006 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may ne | ||
| CVE-2024-45005 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs | ||
| CVE-2024-45002 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference. | ||
| CVE-2024-45001 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignme | ||
| CVE-2024-45000 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 # | ||
| CVE-2024-44999 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Us | ||
| CVE-2024-44997 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X. | ||
| CVE-2024-44996 | — | < 6.4.0-15061.12.coco15sp6.1 | 6.4.0-15061.12.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen: vsock_bpf_re | ||
| CVE-2024-44995 | — | < 6.4.0-15061.9.coco15sp6.1 | 6.4.0-15061.9.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start | ||
| CVE-2024-44991 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch Its possible that two threads call tcp_sk_exit_batch() concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns | ||
| CVE-2024-44988 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array). | ||
| CVE-2024-44984 | — | < 6.4.0-15061.6.coco15sp6.1 | 6.4.0-15061.6.coco15sp6.1 | Sep 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping. |
- affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: bonding: fix null pointer deref in bond_ipsec_offload_ok We must check if there is an active slave before dereferencing the pointer.
- affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: bonding: fix xfrm real_dev null pointer dereference We shouldn't set real_dev to NULL because packets can be in transit and xfrm might call xdo_dev_offload_ok() in parallel. All callbacks assume real_dev is set
- affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: prevent UAF in ip6_send_skb() syzbot reported an UAF in ip6_send_skb() [1] After ip6_local_out() has returned, we no longer can safely dereference rt, unless we hold rcu_read_lock(). A similar issue has
- affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible UAF in ip6_finish_output2() If skb_expand_head() returns NULL, skb has been freed and associated dst/idev could also have been freed. We need to hold rcu_read_lock() to make sure the dst and
- affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Validate TA binary size Add TA binary size validation to avoid OOB write. (cherry picked from commit c0a04e3570d72aaf090962156ad085e37c62e442)
- affected < 6.4.0-15061.18.coco15sp6.1fixed 6.4.0-15061.18.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: avoid possible UaF when selecting endp select_local_address() and select_signal_address() both select an endpoint entry from the list inside an RCU protected section, but return a reference to it, to
- CVE-2024-45008Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: Input: MT - limit max slots syzbot is reporting too large allocation at input_mt_init_slots(), for num_slots is supplied from userspace using ioctl(UI_DEV_CREATE). Since nobody knows possible max slots, this p
- CVE-2024-45007Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Don't destroy workqueue from work item running on it Triggered by a kref decrement, destroy_workqueue() may be called from within a work item for destroying its own workqueue. This illegal situa
- CVE-2024-45006Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: xhci: Fix Panther point NULL pointer deref at full-speed re-enumeration re-enumerating full-speed devices after a failed address device command can trigger a NULL pointer dereference. Full-speed devices may ne
- CVE-2024-45005Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: KVM: s390: fix validity interception issue when gisa is switched off We might run into a SIE validity if gisa has been disabled either via using kernel parameter "kvm.use_gisa=0" or by setting the related sysfs
- CVE-2024-45002Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: rtla/osnoise: Prevent NULL dereference in error handling If the "tool->data" allocation fails then there is no need to call osnoise_free_top() and, in fact, doing so will lead to a NULL dereference.
- CVE-2024-45001Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix RX buf alloc_size alignment and atomic op panic The MANA driver's RX buffer alloc_size is passed into napi_build_skb() to create SKB. skb_shinfo(skb) is located at the end of skb, and its alignme
- CVE-2024-45000Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: fs/netfs/fscache_cookie: add missing "n_accesses" check This fixes a NULL pointer dereference bug due to a data race which looks like this: BUG: kernel NULL pointer dereference, address: 0000000000000008 #
- CVE-2024-44999Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: gtp: pull network headers in gtp_dev_xmit() syzbot/KMSAN reported use of uninit-value in get_dev_xmit() [1] We must make sure the IPv4 or Ipv6 header is pulled in skb->head before accessing fields in them. Us
- CVE-2024-44997Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net: ethernet: mtk_wed: fix use-after-free panic in mtk_wed_setup_tc_block_cb() When there are multiple ap interfaces on one band and with WED on, turning the interface down will cause a kernel panic on MT798X.
- CVE-2024-44996Sep 4, 2024affected < 6.4.0-15061.12.coco15sp6.1fixed 6.4.0-15061.12.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: vsock: fix recursive ->recvmsg calls After a vsock socket has been added to a BPF sockmap, its prot->recvmsg has been replaced with vsock_bpf_recvmsg(). Thus the following recursiion could happen: vsock_bpf_re
- CVE-2024-44995Sep 4, 2024affected < 6.4.0-15061.9.coco15sp6.1fixed 6.4.0-15061.9.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start
- CVE-2024-44991Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: tcp: prevent concurrent execution of tcp_sk_exit_batch Its possible that two threads call tcp_sk_exit_batch() concurrently, once from the cleanup_net workqueue, once from a task that failed to clone a new netns
- CVE-2024-44988Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Fix out-of-bound access If an ATU violation was caused by a CPU Load operation, the SPID could be larger than DSA_MAX_PORTS (the size of mv88e6xxx_chip.ports[] array).
- CVE-2024-44984Sep 4, 2024affected < 6.4.0-15061.6.coco15sp6.1fixed 6.4.0-15061.6.coco15sp6.1
In the Linux kernel, the following vulnerability has been resolved: bnxt_en: Fix double DMA unmapping for XDP_REDIRECT Remove the dma_unmap_page_attrs() call in the driver's XDP_REDIRECT code path. This should have been removed when we let the page pool handle the DMA mapping.
Page 97 of 103