suse/kernel-default&distro=SUSE Linux Enterprise High Performance Computing 15 SP5-ESPOS

Vulnerabilities (2,318)

• CVE-2024-53056Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: drm/mediatek: Fix potential NULL dereference in mtk_crtc_destroy() In mtk_crtc_create(), if the call to mbox_request_channel() fails then we set the "mtk_crtc->cmdq_client.chan" pointer to NULL. In that situat

• CVE-2024-53055Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: fix 6 GHz scan construction If more than 255 colocated APs exist for the set of all APs found during 2.4/5 GHz scanning, then the 6 GHz scan construction will loop forever since the loop var

• CVE-2024-53051Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: drm/i915/hdcp: Add encoder check in intel_hdcp_get_capability Sometimes during hotplug scenario or suspend/resume scenario encoder is not always initialized when intel_hdcp_get_capability add a check to avoid k

• CVE-2024-50299MedNov 19, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: sctp: properly validate chunk size in sctp_sf_ootb() A size validation fix similar to that in Commit 50619dbf8db7 ("sctp: add size validation when walking chunks") is also required in sctp_sf_ootb() to address

• CVE-2024-50296Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix kernel crash when uninstalling driver When the driver is uninstalled and the VF is disabled concurrently, a kernel crash occurs. The reason is that the two actions call function pci_disable_sriov

• CVE-2024-50290Nov 19, 2024
  affected < 5.14.21-150500.55.100.1fixed 5.14.21-150500.55.100.1

  In the Linux kernel, the following vulnerability has been resolved: media: cx24116: prevent overflows on SNR calculus as reported by Coverity, if reading SNR registers fail, a negative number will be returned, causing an underflow when reading SNR registers. Prevent that.

• CVE-2024-50280Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: dm cache: fix flushing uninitialized delayed_work on cache_ctr error An unexpected WARN_ON from flush_work() may occur when cache creation fails, caused by destroying the uninitialized delayed_work waker in the

• CVE-2024-50279Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes

• CVE-2024-50278Nov 19, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because exp

• CVE-2024-50275Nov 19, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and

• CVE-2024-50262HigNov 9, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths

• CVE-2024-50256Nov 9, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt

• CVE-2024-50210MedNov 8, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: posix-clock: posix-clock: Fix unbalanced locking in pc_clock_settime() If get_clock_desc() succeeds, it calls fget() for the clockid's fd, and get the clk->rwsem read lock, so the error path should release the

• CVE-2024-50211Nov 8, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: udf: refactor inode_bmap() to handle error Refactor inode_bmap() to handle error since udf_next_aext() can return error now. On situations like ftruncate, udf_extend_file() can now detect errors and bail out ea

• CVE-2024-50202Nov 8, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: nilfs2: propagate directory read errors from nilfs_find_entry() Syzbot reported that a task hang occurs in vcs_open() during a fuzzing test for nilfs2. The root cause of this problem is that in nilfs_find_entr

• CVE-2024-50199Nov 8, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: mm/swapfile: skip HugeTLB pages for unuse_vma I got a bad pud error and lost a 1GB HugeTLB when calling swapoff. The problem can be reproduced by the following steps: 1. Allocate an anonymous 1GB HugeTLB and

• CVE-2024-50195Nov 8, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: posix-clock: Fix missing timespec64 check in pc_clock_settime() As Andrew pointed out, it will make sense that the PTP core checked timespec64 struct's tv_sec and tv_nsec range before calling ptp->info->settime

• CVE-2024-50151HigNov 7, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: smb: client: fix OOBs when building SMB2_IOCTL request When using encryption, either enforced by the server or when using 'seal' mount option, the client will squash all compound request buffers down for encryp

• CVE-2024-50142MedNov 7, 2024
  affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

  In the Linux kernel, the following vulnerability has been resolved: xfrm: validate new SA's prefixlen using SA family when sel.family is unset This expands the validation introduced in commit 07bf7908950a ("xfrm: Validate address prefix lengths in the xfrm selector.") syzbot c

• CVE-2024-50166Nov 7, 2024
  affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

  In the Linux kernel, the following vulnerability has been resolved: fsl/fman: Fix refcount handling of fman-related devices In mac_probe() there are multiple calls to of_find_device_by_node(), fman_bind() and fman_port_bind() which takes references to of_dev->dev. Not all refer