rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
Vulnerabilities (4,170)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56703 | — | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, t | ||
| CVE-2024-56702 | — | < 6.4.0-150600.23.50.1 | 6.4.0-150600.23.50.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint ar | ||
| CVE-2024-56701 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc | ||
| CVE-2024-56700 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a sce | ||
| CVE-2024-56699 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_releas | ||
| CVE-2024-56698 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer re | ||
| CVE-2024-56694 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leadin | ||
| CVE-2024-56693 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 P | ||
| CVE-2024-56691 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. Th | ||
| CVE-2024-56690 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations | ||
| CVE-2024-56688 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeo | ||
| CVE-2024-56687 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->compl | ||
| CVE-2024-56683 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid hang with debug registers when suspended Trying to read /sys/kernel/debug/dri/1/hdmi1_regs when the hdmi is disconnected results in a fatal system hang. This is due to the pm suspend code | ||
| CVE-2024-56681 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will r | ||
| CVE-2024-56679 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp(). | ||
| CVE-2024-56678 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_ | ||
| CVE-2024-56677 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during ini | ||
| CVE-2024-56672 | Hig | 7.0 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(bl | |
| CVE-2024-56647 | Med | 5.5 | < 6.4.0-150600.23.42.2 | 6.4.0-150600.23.42.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in: | |
| CVE-2024-56631 | Hig | 7.8 | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockde |
- CVE-2024-56703Dec 28, 2024affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: ipv6: Fix soft lockups in fib6_select_path under high next hop churn Soft lockups have been observed on a cluster of Linux-based edge routers located in a highly dynamic environment. Using the `bird` service, t
- CVE-2024-56702Dec 28, 2024affected < 6.4.0-150600.23.50.1fixed 6.4.0-150600.23.50.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Mark raw_tp arguments with PTR_MAYBE_NULL Arguments to a raw tracepoint are tagged as trusted, which carries the semantics that the pointer will be non-NULL. However, in certain cases, a raw tracepoint ar
- CVE-2024-56701Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix dtl_access_lock to be a rw_semaphore The dtl_access_lock needs to be a rw_sempahore, a sleeping lock, because the code calls kmalloc() while holding it, which can sleep: # echo 1 > /proc
- CVE-2024-56700Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: media: wl128x: Fix atomicity violation in fmc_send_cmd() Atomicity violation occurs when the fmc_send_cmd() function is executed simultaneously with the modification of the fmdev->resp_skb value. Consider a sce
- CVE-2024-56699Dec 28, 2024affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: s390/pci: Fix potential double remove of hotplug slot In commit 6ee600bfbe0f ("s390/pci: remove hotplug slot when releasing the device") the zpci_exit_slot() was moved from zpci_device_reserved() to zpci_releas
- CVE-2024-56698Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: gadget: Fix looping of queued SG entries The dwc3_request->num_queued_sgs is decremented on completion. If a partially completed request is handled, then the dwc3_request->num_queued_sgs no longer re
- CVE-2024-56694Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: bpf: fix recursive lock when verdict program return SK_PASS When the stream_verdict program returns SK_PASS, it places the received skb into its own receive queue, but a recursive lock eventually occurs, leadin
- CVE-2024-56693Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: brd: defer automatic disk creation until module initialization succeeds My colleague Wupeng found the following problems during fault injection: BUG: unable to handle page fault for address: fffffbfff809d073 P
- CVE-2024-56691Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: mfd: intel_soc_pmic_bxtwc: Use IRQ domain for USB Type-C device While design wise the idea of converting the driver to use the hierarchy of the IRQ chips is correct, the implementation has (inherited) flaws. Th
- CVE-2024-56690Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY Since commit 8f4f68e788c3 ("crypto: pcrypt - Fix hungtask for PADATA_RESET"), the pcrypt encryption and decryption operations
- CVE-2024-56688Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: sunrpc: clear XPRT_SOCK_UPD_TIMEOUT when reset transport Since transport->sock has been set to NULL during reset transport, XPRT_SOCK_UPD_TIMEOUT also needs to be cleared. Otherwise, the xs_tcp_set_socket_timeo
- CVE-2024-56687Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: usb: musb: Fix hardware lockup on first Rx endpoint request There is a possibility that a request's callback could be invoked from usb_ep_queue() (call trace below, supplemented with missing calls): req->compl
- CVE-2024-56683Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: hdmi: Avoid hang with debug registers when suspended Trying to read /sys/kernel/debug/dri/1/hdmi1_regs when the hdmi is disconnected results in a fatal system hang. This is due to the pm suspend code
- CVE-2024-56681Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - add error check in the ahash_hmac_init function The ahash_init functions may return fails. The ahash_hmac_init should not return ok when ahash_init returns error. For an example, ahash_init will r
- CVE-2024-56679Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: handle otx2_mbox_get_rsp errors in otx2_common.c Add error pointer check after calling otx2_mbox_get_rsp().
- CVE-2024-56678Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm/fault: Fix kfence page fault reporting copy_from_kernel_nofault() can be called when doing read of /proc/kcore. /proc/kcore can have some unmapped kfence objects which when read via copy_from_kernel_
- CVE-2024-56677Dec 28, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/fadump: Move fadump_cma_init to setup_arch() after initmem_init() During early init CMA_MIN_ALIGNMENT_BYTES can be PAGE_SIZE, since pageblock_order is still zero and it gets initialized later during ini
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: blk-cgroup: Fix UAF in blkcg_unpin_online() blkcg_unpin_online() walks up the blkcg hierarchy putting the online pin. To walk up, it uses blkcg_parent(blkcg) but it was calling that after blkcg_destroy_blkgs(bl
- affected < 6.4.0-150600.23.42.2fixed 6.4.0-150600.23.42.2
In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering ip_rt_bug arp link failure may trigger ip_rt_bug while xfrm enabled, call trace is: WARNING: CPU: 0 PID: 0 at net/ipv4/route.c:1241 ip_rt_bug+0x14/0x20 Modules linked in:
- affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: scsi: sg: Fix slab-use-after-free read in sg_release() Fix a use-after-free bug in sg_release(), detected by syzbot with KASAN: BUG: KASAN: slab-use-after-free in lock_release+0x151/0xa30 kernel/locking/lockde
Page 104 of 209