rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
Vulnerabilities (4,170)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-53100 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->queue_lock in nvme_tcp_get | ||
| CVE-2024-53099 | — | < 6.4.0-150600.23.33.1 | 6.4.0-150600.23.33.1 | Nov 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot su | ||
| CVE-2024-53096 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memor | ||
| CVE-2024-8805 | — | < 6.4.0-150600.23.33.1 | 6.4.0-150600.23.33.1 | Nov 22, 2024 | BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific | ||
| CVE-2024-53095 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, and some pods mount CIFS s | ||
| CVE-2024-53094 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warning from skb_splice_from_iter() indicating that a slab page is being used in sen | ||
| CVE-2024-53093 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes availa | ||
| CVE-2024-53091 | — | < 6.4.0-150600.23.38.1 | 6.4.0-150600.23.38.1 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK. | ||
| CVE-2024-53090 | — | < 6.4.0-150600.23.33.1 | 6.4.0-150600.23.33.1 | Nov 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in | ||
| CVE-2024-53059 | Hig | 7.8 | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_s | |
| CVE-2024-53057 | Hig | 7.8 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create | |
| CVE-2024-53042 | Med | 5.5 | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [ | |
| CVE-2024-53088 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under hea | ||
| CVE-2024-53085 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is | ||
| CVE-2024-53082 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when setting/reading the hash key. | ||
| CVE-2024-53081 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix | ||
| CVE-2024-53079 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing list_del corruptions, "Bad page sta | ||
| CVE-2024-53076 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_build_avail_scale_table(), the err_f | ||
| CVE-2024-53074 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal Release the link mapping resource in AP removal. This impacted devices that do not support the MLD API (9260 and down). On those devices, we couldn't start th | ||
| CVE-2024-53072 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Nov 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU |
- CVE-2024-53100Nov 25, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: nvme: tcp: avoid race between queue_lock lock and destroy Commit 76d54bf20cdc ("nvme-tcp: don't access released socket during error recovery") added a mutex_lock() call for the queue->queue_lock in nvme_tcp_get
- CVE-2024-53099Nov 25, 2024affected < 6.4.0-150600.23.33.1fixed 6.4.0-150600.23.33.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Check validity of link->type in bpf_link_show_fdinfo() If a newly-added link type doesn't invoke BPF_LINK_TYPE(), accessing bpf_link_type_strs[link->type] may result in an out-of-bounds access. To spot su
- CVE-2024-53096Nov 25, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: mm: resolve faulty mmap_region() error path behaviour The mmap_region() function is somewhat terrifying, with spaghetti-like control flow and numerous means by which issues can arise and incomplete state, memor
- CVE-2024-8805Nov 22, 2024affected < 6.4.0-150600.23.33.1fixed 6.4.0-150600.23.33.1
BlueZ HID over GATT Profile Improper Access Control Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of BlueZ. Authentication is not required to exploit this vulnerability. The specific
- CVE-2024-53095Nov 21, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: Fix use-after-free of network namespace. Recently, we got a customer report that CIFS triggers oops while reconnecting to a server. [0] The workload runs on Kubernetes, and some pods mount CIFS s
- CVE-2024-53094Nov 21, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/siw: Add sendpage_ok() check to disable MSG_SPLICE_PAGES While running ISER over SIW, the initiator machine encounters a warning from skb_splice_from_iter() indicating that a slab page is being used in sen
- CVE-2024-53093Nov 21, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: nvme-multipath: defer partition scanning We need to suppress the partition scan from occuring within the controller's scan_work context. If a path error occurs here, the IO will wait until a path becomes availa
- CVE-2024-53091Nov 21, 2024affected < 6.4.0-150600.23.38.1fixed 6.4.0-150600.23.38.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Add sk_is_inet and IS_ICSK check in tls_sw_has_ctx_tx/rx As the introduction of the support for vsock and unix sockets in sockmap, tls_sw_has_ctx_tx/rx cannot presume the socket passed in must be IS_ICSK.
- CVE-2024-53090Nov 21, 2024affected < 6.4.0-150600.23.33.1fixed 6.4.0-150600.23.33.1
In the Linux kernel, the following vulnerability has been resolved: afs: Fix lock recursion afs_wake_up_async_call() can incur lock recursion. The problem is that it is called from AF_RXRPC whilst holding the ->notify_lock, but it tries to take a ref on the afs_call struct in
- affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix response handling in iwl_mvm_send_recovery_cmd() 1. The size of the response packet is not validated. 2. The response buffer is not freed. Resolve these issues by switching to iwl_mvm_s
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: net/sched: stop qdisc_tree_reduce_backlog on TC_H_ROOT In qdisc_tree_reduce_backlog, Qdiscs with major handle ffff: are assumed to be either root or ingress. This assumption is bogus since it's valid to create
- affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_init_flow() There are code paths from which the function is called without holding the RCU read lock, resulting in a suspicious RCU usage warning [
- CVE-2024-53088Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: i40e: fix race condition by adding filter's intermediate sync state Fix a race condition in the i40e driver that leads to MAC/VLAN filters becoming corrupted and leaking. Address the issue that occurs under hea
- CVE-2024-53085Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: tpm: Lock TPM chip in tpm_pm_suspend() first Setting TPM_CHIP_FLAG_SUSPENDED in the end of tpm_pm_suspend() can be racy according, as this leaves window for tpm_hwrng_read() to be called while the operation is
- CVE-2024-53082Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: virtio_net: Add hash_key_length check Add hash_key_length check in virtnet_probe() to avoid possible out of bound errors when setting/reading the hash key.
- CVE-2024-53081Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: media: ar0521: don't overflow when checking PLL values The PLL checks are comparing 64 bit integers with 32 bit ones, as reported by Coverity. Depending on the values of the variables, this may underflow. Fix
- CVE-2024-53079Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: mm/thp: fix deferred split unqueue naming and locking Recent changes are putting more pressure on THP deferred split queues: under load revealing long-standing races, causing list_del corruptions, "Bad page sta
- CVE-2024-53076Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: iio: gts-helper: Fix memory leaks for the error path of iio_gts_build_avail_scale_table() If per_time_scales[i] or per_time_gains[i] kcalloc fails in the for loop of iio_gts_build_avail_scale_table(), the err_f
- CVE-2024-53074Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: don't leak a link on AP removal Release the link mapping resource in AP removal. This impacted devices that do not support the MLD API (9260 and down). On those devices, we couldn't start th
- CVE-2024-53072Nov 19, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: platform/x86/amd/pmc: Detect when STB is not available Loading the amd_pmc module as: amd_pmc enable_stb=1 ...can result in the following messages in the kernel ring buffer: amd_pmc AMDI0009:00: SMU
Page 115 of 209