VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP2

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP2

Vulnerabilities (997)

  • CVE-2023-52451HigFeb 22, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries/memhp: Fix access beyond end of drmem array dlpar_memory_remove_by_index() may access beyond the bounds of the drmem lmb array when the LMB lookup fails to match an entry with the given DRC inde

  • CVE-2023-52449MedFeb 22, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: mtd: Fix gluebi NULL pointer dereference caused by ftl notifier If both ftl.ko and gluebi.ko are loaded, the notifier of ftl triggers NULL pointer dereference when trying to access ‘gluebi->desc’ in gluebi_read

  • CVE-2023-52448MedFeb 22, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: gfs2: Fix kernel NULL pointer dereference in gfs2_rgrp_dump Syzkaller has reported a NULL pointer dereference when accessing rgd->rd_rgl in gfs2_rgrp_dump(). This can happen when creating rgd->rd_gl fails in r

  • CVE-2023-52445HigFeb 22, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: media: pvrusb2: fix use after free on context disconnection Upon module load, a kthread is created targeting the pvr2_context_thread_func function, which may call pvr2_context_destroy and thus call kfree() on t

  • CVE-2023-52443MedFeb 22, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: apparmor: avoid crash when parsed profile name is empty When processing a packed profile in unpack_profile() described like "profile :ns::samba-dcerpcd /usr/lib*/samba/{,samba/}samba-dcerpcd {...}" a string

  • CVE-2024-26585MedFeb 21, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling

  • CVE-2024-26584MedFeb 21, 2024
    affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1

    In the Linux kernel, the following vulnerability has been resolved: net: tls: handle backlogging of crypto requests Since we're setting the CRYPTO_TFM_REQ_MAY_BACKLOG flag on our requests to the crypto API, crypto_aead_{encrypt,decrypt} can return -EBUSY instead of -EINPROGRES

  • CVE-2024-26583MedFeb 21, 2024
    affected < 5.3.18-150200.24.200.1fixed 5.3.18-150200.24.200.1

    In the Linux kernel, the following vulnerability has been resolved: tls: fix race between async notify and socket close The submitting thread (one which called recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete() so any code past that point risks touch

  • CVE-2023-52439HigFeb 20, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    In the Linux kernel, the following vulnerability has been resolved: uio: Fix use-after-free in uio_open core-1 core-2 ------------------------------------------------------- uio_unregister_device uio_open idev = idr_find() device_unregister(&idev->dev) put_device(&idev-

  • CVE-2024-26581HigFeb 20, 2024
    affected < 5.3.18-150200.24.194.1fixed 5.3.18-150200.24.194.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip end interval element from gc rbtree lazy gc on insert might collect an end interval element that has been just added in this transactions, skip end interval elements that are not

  • CVE-2023-52433MedFeb 20, 2024
    affected < 5.3.18-150200.24.194.1fixed 5.3.18-150200.24.194.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_rbtree: skip sync GC for new elements in this transaction New elements in this transaction might expired before such transaction ends. Skip sync GC for such elements otherwise commit path mig

  • CVE-2023-52429MedFeb 12, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    dm_table_create in drivers/md/dm-table.c in the Linux kernel through 6.7.4 can attempt to (in alloc_targets) allocate more than INT_MAX bytes, and crash, because of a missing check for struct dm_ioctl.target_count.

  • CVE-2024-1151MedFeb 11, 2024
    affected < 5.3.18-150200.24.183.1fixed 5.3.18-150200.24.183.1

    A vulnerability was reported in the Open vSwitch sub-component in the Linux Kernel. The flaw occurs when a recursive operation of code push recursively calls into the code block. The OVS module does not validate the stack depth, pushing too many frames and causing a stack overflo

  • CVE-2023-6536MedFeb 7, 2024
    affected < 5.3.18-150200.24.178.1fixed 5.3.18-150200.24.178.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6535MedFeb 7, 2024
    affected < 5.3.18-150200.24.178.1fixed 5.3.18-150200.24.178.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6356MedFeb 7, 2024
    affected < 5.3.18-150200.24.178.1fixed 5.3.18-150200.24.178.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni

  • CVE-2024-1086HigKEVJan 31, 2024
    affected < 5.3.18-150200.24.178.1fixed 5.3.18-150200.24.178.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2023-46838HigJan 29, 2024
    affected < 5.3.18-150200.24.178.1fixed 5.3.18-150200.24.178.1

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are

  • CVE-2024-0841MedJan 28, 2024
    affected < 5.3.18-150200.24.191.1fixed 5.3.18-150200.24.191.1

    A null pointer dereference flaw was found in the hugetlbfs_fill_super function in the Linux kernel hugetlbfs (HugeTLB pages) functionality. This issue may allow a local user to crash the system or potentially escalate their privileges on the system.

  • CVE-2024-23307MedJan 25, 2024
    affected < 5.3.18-150200.24.191.1fixed 5.3.18-150200.24.191.1

    Integer Overflow or Wraparound vulnerability in Linux Linux kernel kernel on Linux, x86, ARM (md, raid, raid5 modules) allows Forced Integer Overflow.

Page 22 of 50