VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6

Vulnerabilities (4,170)

  • CVE-2024-46783MedSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: tcp_bpf: fix return value of tcp_bpf_sendmsg() When we cork messages in psock->cork, the last message triggers the flushing will result in sending a sk_msg larger than the current message size. In this case, in

  • CVE-2024-46770MedSep 18, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: ice: Add netif_device_attach/detach into PF reset flow Ethtool callbacks can be executed while reset is in progress and try to access deleted resources, e.g. getting coalesce settings can result in a NULL point

  • CVE-2024-46759HigSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.

  • CVE-2024-46750MedSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_seco

  • CVE-2024-46746HigSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: HID: amd_sfh: free driver_data after destroying hid device HID driver callbacks aren't called anymore once hid_destroy_device() has been called. Hence, hid driver_data should be freed only after the hid_destroy

  • CVE-2024-46745MedSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failur

  • CVE-2024-46744HigSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read

  • CVE-2024-46743HigSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN dete

  • CVE-2024-46725HigSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix out-of-bounds write warning Check the ring type value to fix the out-of-bounds write warning

  • CVE-2024-46715MedSep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysf

  • CVE-2024-46800Sep 18, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to

  • CVE-2024-46798Sep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: ASoC: dapm: Fix UAF for snd_soc_pcm_runtime object When using kernel with the following extra config, - CONFIG_KASAN=y - CONFIG_KASAN_GENERIC=y - CONFIG_KASAN_INLINE=y - CONFIG_KASAN_VMALLOC=y - CONF

  • CVE-2024-46797Sep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: powerpc/qspinlock: Fix deadlock in MCS queue If an interrupt occurs in queued_spin_lock_slowpath() after we increment qnodesp->count and before node->lock is initialized, another CPU might see stale lock values

  • CVE-2024-46796Sep 18, 2024
    affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix double put of @cfile in smb2_set_path_size() If smb2_compound_op() is called with a valid @cfile and returned -EINVAL, we need to call cifs_get_writable_path() before retrying it as the referen

  • CVE-2024-46794Sep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix data leak in mmio_read() The mmio_read() function makes a TDVMCALL to retrieve MMIO data for an address from the VMM. Sean noticed that mmio_read() unintentionally exposes the value of an initiali

  • CVE-2024-46791Sep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: can: mcp251x: fix deadlock if an interrupt occurs during mcp251x_open The mcp251x_hw_wake() function is called with the mpc_lock mutex held and disables the interrupt handler so that no interrupts can be proces

  • CVE-2024-46788Sep 18, 2024
    affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1

    In the Linux kernel, the following vulnerability has been resolved: tracing/osnoise: Use a cpumask to know what threads are kthreads The start_kthread() and stop_thread() code was not always called with the interface_lock held. This means that the kthread variable could be unex

  • CVE-2024-46787Sep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel v

  • CVE-2024-46784Sep 18, 2024
    affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1

    In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel pani

  • CVE-2024-46782Sep 18, 2024
    affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2

    In the Linux kernel, the following vulnerability has been resolved: ila: call nf_unregister_net_hooks() sooner syzbot found an use-after-free Read in ila_nf_input [1] Issue here is that ila_xlat_exit_net() frees the rhashtable, then call nf_unregister_net_hooks(). It should b

Page 139 of 209