VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6

Vulnerabilities (4,170)

  • CVE-2024-50125Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list.

  • CVE-2024-50124Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: ISO: Fix UAF on iso_sock_timeout conn->sk maybe have been unlinked/freed while waiting for iso_conn_lock so this checks if the conn->sk is still valid by checking if it part of iso_sk_list.

  • CVE-2024-50117Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd: Guard against bad data for ATIF ACPI method If a BIOS provides bad data in response to an ATIF method call this causes a NULL pointer dereference in the caller. ``` ? show_regs (arch/x86/kernel/dumpst

  • CVE-2024-50116Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix kernel bug due to missing clearing of buffer delay flag Syzbot reported that after nilfs2 reads a corrupted file system image and degrades to read-only, the BUG_ON check for the buffer delay flag in

  • CVE-2024-50115Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc

  • CVE-2024-50110Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: xfrm: fix one more kernel-infoleak in algo dumping During fuzz testing, the following issue was discovered: BUG: KMSAN: kernel-infoleak in _copy_to_iter+0x598/0x2a30 _copy_to_iter+0x598/0x2a30 __skb_datagram

  • CVE-2024-50108Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Disable PSR-SU on Parade 08-01 TCON too Stuart Hayhurst has found that both at bootup and fullscreen VA-API video is leading to black screens for around 1 second and kernel WARNING [1] traces w

  • CVE-2024-50106Nov 5, 2024
    affected < 6.4.0-150600.23.53.1fixed 6.4.0-150600.23.53.1

    In the Linux kernel, the following vulnerability has been resolved: nfsd: fix race between laundromat and free_stateid There is a race between laundromat handling of revoked delegations and a client sending free_stateid operation. Laundromat thread finds that delegation has exp

  • CVE-2024-50103Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: qcom: Fix NULL Dereference in asoc_qcom_lpass_cpu_platform_probe() A devm_kzalloc() in asoc_qcom_lpass_cpu_platform_probe() could possibly return NULL pointer. NULL Pointer Dereference may be triggerred w

  • CVE-2024-50102Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: x86: fix user address masking non-canonical speculation issue It turns out that AMD has a "Meltdown Lite(tm)" issue with non-canonical accesses in kernel space. And so using just the high bit to decide whether

  • CVE-2024-50101Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix incorrect pci_for_each_dma_alias() for non-PCI devices Previously, the domain_context_clear() function incorrectly called pci_for_each_dma_alias() to set up context entries for non-PCI devices.

  • CVE-2024-50100Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: USB: gadget: dummy-hcd: Fix "task hung" problem The syzbot fuzzer has been encountering "task hung" problems ever since the dummy-hcd driver was changed to use hrtimers instead of regular timers. It turns out

  • CVE-2024-50099Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: arm64: probes: Remove broken LDR (literal) uprobe support The simulate_ldr_literal() and simulate_ldrsw_literal() functions are unsafe to use for uprobes. Both functions were originally written for use with kpr

  • CVE-2024-50098Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: core: Set SDEV_OFFLINE when UFS is shut down There is a history of deadlock if reboot is performed at the beginning of booting. SDEV_QUIESCE was set for all LU's scsi_devices by UFS shutdown, and at

  • CVE-2024-50096Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error The `nouveau_dmem_copy_one` function ensures that the copy push command is sent to the device firmware but does not track whether it was execute

  • CVE-2024-50093Nov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: thermal: intel: int340x: processor: Fix warning during module unload The processor_thermal driver uses pcim_device_enable() to enable a PCI device, which means the device will be automatically disabled on drive

  • CVE-2023-52920MedNov 5, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: support non-r10 register spill/fill to/from stack in precision tracking Use instruction (jump) history to record instructions that performed register spill/fill to/from stack, regardless if this was done t

  • CVE-2024-50088Oct 29, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free in add_inode_ref() The add_inode_ref() function does not initialize the "name" struct when it is declared. If any of the following calls to "read_one_inode() returns NULL,

  • CVE-2024-50087Oct 29, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: fix uninitialized pointer free on read_alloc_one_name() error The function read_alloc_one_name() does not initialize the name field of the passed fscrypt_str struct if kmalloc fails to allocate the corre

  • CVE-2024-50085Oct 29, 2024
    affected < 6.4.0-150600.23.42.2fixed 6.4.0-150600.23.42.2

    In the Linux kernel, the following vulnerability has been resolved: mptcp: pm: fix UaF read in mptcp_pm_nl_rm_addr_or_subflow Syzkaller reported this splat: ================================================================== BUG: KASAN: slab-use-after-free in mptcp_pm_nl_rm

Page 123 of 209