rpm package
suse/kernel-default&distro=SUSE Linux Enterprise High Availability Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20High%20Availability%20Extension%2015%20SP6
Vulnerabilities (4,170)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42106 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. | ||
| CVE-2024-42105 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode be | ||
| CVE-2024-42104 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file in | ||
| CVE-2024-42103 | — | < 6.4.0-150600.23.87.1 | 6.4.0-150600.23.87.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block | ||
| CVE-2024-42102 | — | < 6.4.0-150600.23.30.1 | 6.4.0-150600.23.30.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit int | ||
| CVE-2024-42101 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointe | ||
| CVE-2023-52888 | — | < 6.4.0-150600.23.60.5 | 6.4.0-150600.23.60.5 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn' | ||
| CVE-2024-42097 | Med | 5.5 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified p | |
| CVE-2024-42096 | Med | 5.5 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions b | |
| CVE-2024-42093 | Hig | 7.3 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. | |
| CVE-2024-42098 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that | ||
| CVE-2024-42095 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply | ||
| CVE-2024-42092 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can | ||
| CVE-2024-42090 | Med | 5.5 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() c | |
| CVE-2024-42089 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can corr | ||
| CVE-2024-42087 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO contro | ||
| CVE-2024-42086 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications we | ||
| CVE-2024-42085 | — | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem | ||
| CVE-2024-42082 | Med | 5.5 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases: | |
| CVE-2024-42070 | Med | 5.5 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERD |
- CVE-2024-42106Jul 30, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol.
- CVE-2024-42105Jul 30, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix inode number range checks Patch series "nilfs2: fix potential issues related to reserved inodes". This series fixes one use-after-free issue reported by syzbot, caused by nilfs2's internal inode be
- CVE-2024-42104Jul 30, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: add missing check for inode numbers on directory entries Syzbot reported that mounting and unmounting a specific pattern of corrupted nilfs2 filesystem images causes a use-after-free of metadata file in
- CVE-2024-42103Jul 30, 2024affected < 6.4.0-150600.23.87.1fixed 6.4.0-150600.23.87.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix adding block group to a reclaim list and the unused list during reclaim There is a potential parallel list adding for retrying in btrfs_reclaim_bgs_work and adding to the unused list. Since the block
- CVE-2024-42102Jul 30, 2024affected < 6.4.0-150600.23.30.1fixed 6.4.0-150600.23.30.1
In the Linux kernel, the following vulnerability has been resolved: Revert "mm/writeback: fix possible divide-by-zero in wb_dirty_limits(), again" Patch series "mm: Avoid possible overflows in dirty throttling". Dirty throttling logic assumes dirty limits in page units fit int
- CVE-2024-42101Jul 30, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointe
- CVE-2023-52888Jul 30, 2024affected < 6.4.0-150600.23.60.5fixed 6.4.0-150600.23.60.5
In the Linux kernel, the following vulnerability has been resolved: media: mediatek: vcodec: Only free buffer VA that is not NULL In the MediaTek vcodec driver, while mtk_vcodec_mem_free() is mostly called only when the buffer to free exists, there are some instances that didn'
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: ALSA: emux: improve patch ioctl data validation In load_data(), make the validation of and skipping over the main info block match that in load_guspatch(). In load_guspatch(), add checking that the specified p
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions b
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow.
- CVE-2024-42098Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: crypto: ecdh - explicitly zeroize private_key private_key is overwritten with the key parameter passed in by the caller (if present), or alternatively a newly generated private key. However, it is possible that
- CVE-2024-42095Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: serial: 8250_omap: Implementation of Errata i2310 As per Errata i2310[0], Erroneous timeout can be triggered, if this Erroneous interrupt is not cleared then it may leads to storm of interrupts, therefore apply
- CVE-2024-42092Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: gpio: davinci: Validate the obtained number of IRQs Value of pdata->gpio_unbanked is taken from Device Tree. In case of broken DT due to any error this value can be any. Without this value validation there can
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: fix deadlock in create_pinctrl() when handling -EPROBE_DEFER In create_pinctrl(), pinctrl_maps_mutex is acquired before calling add_setting(). If add_setting() returns -EPROBE_DEFER, create_pinctrl() c
- CVE-2024-42089Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl-asoc-card: set priv->pdev before using it priv->pdev pointer was set after being used in fsl_asoc_card_audmux_init(). Move this assignment at the start of the probe function, so sub-functions can corr
- CVE-2024-42087Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: drm/panel: ilitek-ili9881c: Fix warning with GPIO controllers that sleep The ilitek-ili9881c controls the reset GPIO using the non-sleeping gpiod_set_value() function. This complains loudly when the GPIO contro
- CVE-2024-42086Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: iio: chemical: bme680: Fix overflows in compensate() functions There are cases in the compensate functions of the driver that there could be overflows of variables due to bit shifting ops. These implications we
- CVE-2024-42085Jul 29, 2024affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: remove lock of otg mode during gadget suspend/resume to avoid deadlock When config CONFIG_USB_DWC3_DUAL_ROLE is selected, and trigger system to enter suspend status with below command: echo mem
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: xdp: Remove WARN() from __xdp_reg_mem_model() syzkaller reports a warning in __xdp_reg_mem_model(). The warning occurs only if __mem_id_init_hash_table() returns an error. It returns the error in two cases:
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fully validate NFT_DATA_VALUE on store to data registers register store validation for NFT_DATA_VALUE is conditional, however, the datatype is always either NFT_DATA_VALUE or NFT_DATA_VERD
Page 156 of 209