VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (3,305)

  • CVE-2024-27043May 1, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocatio

  • CVE-2023-52650May 1, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.

  • CVE-2024-27020HigMay 1, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_expr_type_get() nft_unregister_expr() can concurrent with __nft_expr_type_get(), and there is not any protection when iterate over nf_tables_expressions li

  • CVE-2024-27013MedMay 1, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: tun: limit printing rate when illegal packet received by tun dev vhost_worker will call tun call backs to receive packets. If too many illegal packets arrives, tun_do_read will keep dumping packet contents. Whe

  • CVE-2024-26993MedMay 1, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: fs: sysfs: Fix reference leak in sysfs_break_active_protection() The sysfs_break_active_protection() routine has an obvious reference leak in its error path. If the call to kernfs_find_and_get() fails then kn

  • CVE-2024-26982HigMay 1, 2024
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: Squashfs: check the inode number is not the invalid value of zero Syskiller has produced an out of bounds access in fill_meta_index(). That out of bounds access is ultimately caused because the inode has an in

  • CVE-2024-26974HigMay 1, 2024
    affected < 4.12.14-122.269.1fixed 4.12.14-122.269.1

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If t

  • CVE-2024-26973MedMay 1, 2024
    affected < 4.12.14-122.222.1fixed 4.12.14-122.222.1

    In the Linux kernel, the following vulnerability has been resolved: fat: fix uninitialized field in nostale filehandles When fat_encode_fh_nostale() encodes file handle without a parent it stores only first 10 bytes of the file handle. However the length of the file handle must

  • CVE-2024-26958HigMay 1, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at

  • CVE-2024-26935MedMay 1, 2024
    affected < 4.12.14-122.293.1fixed 4.12.14-122.293.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a

  • CVE-2024-26934HigMay 1, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l

  • CVE-2024-27019May 1, 2024
    affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: Fix potential data-race in __nft_obj_type_get() nft_unregister_obj() can concurrent with __nft_obj_type_get(), and there is not any protection when iterate over nf_tables_objects list in _

  • CVE-2024-27014May 1, 2024
    affected < 4.12.14-122.216.1fixed 4.12.14-122.216.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Prevent deadlock while disabling aRFS When disabling aRFS under the `priv->state_lock`, any scheduled aRFS works are canceled using the `cancel_work_sync` function, which waits for the work to end if

  • CVE-2024-27011May 1, 2024
    affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abor

  • CVE-2024-27010May 1, 2024
    affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [.....

  • CVE-2024-27008May 1, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or)

  • CVE-2024-26996May 1, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_ncm: Fix UAF ncm object at re-bind after usb ep transport error When ncm function is working and then stop usb0 interface for link down, eth_stop() is called. At this piont, accidentally if usb t

  • CVE-2024-26984May 1, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: nouveau: fix instmem race condition around ptr stores Running a lot of VK CTS in parallel against nouveau, once every few hours you might see something like this crash. BUG: kernel NULL pointer dereference, ad

  • CVE-2024-26976May 1, 2024
    affected < 4.12.14-122.244.1fixed 4.12.14-122.244.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: Always flush async #PF workqueue when vCPU is being destroyed Always flush the per-vCPU async #PF workqueue when a vCPU is clearing its completion queue, e.g. when a VM and all its vCPUs is being destroyed

  • CVE-2024-26957May 1, 2024
    affected < 4.12.14-122.219.1fixed 4.12.14-122.219.1

    In the Linux kernel, the following vulnerability has been resolved: s390/zcrypt: fix reference counting on zcrypt card objects Tests with hot-plugging crytpo cards on KVM guests with debug kernel build revealed an use after free for the load field of the struct zcrypt_card. The

Page 120 of 166