VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5

Vulnerabilities (3,305)

  • CVE-2024-46759HigSep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (adc128d818) Fix underflows seen when writing limit attributes DIV_ROUND_CLOSEST() after kstrtol() results in an underflow if a large negative number such as -9223372036854775808 is provided by the user.

  • CVE-2024-46750MedSep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: PCI: Add missing bridge lock to pci_bus_lock() One of the true positives that the cfg_access_lock lockdep effort identified is this sequence: WARNING: CPU: 14 PID: 1 at drivers/pci/pci.c:4886 pci_bridge_seco

  • CVE-2024-46745MedSep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: Input: uinput - reject requests with unreasonable number of slots When exercising uinput interface syzkaller may try setting up device with a really large number of slots, which causes memory allocation failur

  • CVE-2024-46744HigSep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: Squashfs: sanity check symbolic link size Syzkiller reports a "KMSAN: uninit-value in pick_link" bug. This is caused by an uninitialised page, which is ultimately caused by a corrupted symbolic link size read

  • CVE-2024-46743HigSep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: of/irq: Prevent device address out-of-bounds read in interrupt map walk When of_irq_parse_raw() is invoked with a device address smaller than the interrupt parent node (from #address-cells property), KASAN dete

  • CVE-2024-46715MedSep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: driver: iio: add missing checks on iio_info's callback access Some callbacks from iio_info structure are accessed without any check, so if a driver doesn't implement them trying to access the corresponding sysf

  • CVE-2024-46800Sep 18, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: sch/netem: fix use after free in netem_dequeue If netem_dequeue() enqueues packet to inner qdisc and that qdisc returns __NET_XMIT_STOLEN. The packet is dropped but qdisc_tree_reduce_backlog() is not called to

  • CVE-2024-46787Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: userfaultfd: fix checks for huge PMDs Patch series "userfaultfd: fix races around pmd_trans_huge() check", v2. The pmd_trans_huge() code in mfill_atomic() is wrong in three different ways depending on kernel v

  • CVE-2024-46784Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix error handling in mana_create_txq/rxq's NAPI cleanup Currently napi_disable() gets called during rxq and txq cleanup, even before napi is enabled and hrtimer is initialized. It causes kernel pani

  • CVE-2024-46777Sep 18, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: udf: Avoid excessive partition lengths Avoid mounting filesystems where the partition would overflow the 32-bits used for block number. Also refuse to mount filesystems where the partition length is so large we

  • CVE-2024-46774Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: powerpc/rtas: Prevent Spectre v1 gadget construction in sys_rtas() Smatch warns: arch/powerpc/kernel/rtas.c:1932 __do_sys_rtas() warn: potential spectre issue 'args.args' [r] (local cap) The 'nargs' and '

  • CVE-2024-46771Sep 18, 2024
    affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1

    In the Linux kernel, the following vulnerability has been resolved: can: bcm: Remove proc entry when dev is unregistered. syzkaller reported a warning in bcm_connect() below. [0] The repro calls connect() to vxcan1, removes vxcan1, and calls connect() with ifindex == 0. Calli

  • CVE-2024-46763Sep 18, 2024
    affected < 4.12.14-122.258.1fixed 4.12.14-122.258.1

    In the Linux kernel, the following vulnerability has been resolved: fou: Fix null-ptr-deref in GRO. We observed a null-ptr-deref in fou_gro_receive() while shutting down a host. [0] The NULL pointer is sk->sk_user_data, and the offset 8 is of protocol in struct fou. When fou

  • CVE-2024-46761Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: pci/hotplug/pnv_php: Fix hotplug driver crash on Powernv The hotplug driver for powerpc (pci/hotplug/pnv_php.c) causes a kernel crash when we try to hot-unplug/disable the PCIe switch/bridge from the PHB. The

  • CVE-2024-46755Sep 18, 2024
    affected < 4.12.14-122.234.1fixed 4.12.14-122.234.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Do not return unused priv in mwifiex_get_priv_by_id() mwifiex_get_priv_by_id() returns the priv pointer corresponding to the bss_num and bss_type, but without checking if the priv is actually cur

  • CVE-2024-46753Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: handle errors from btrfs_dec_ref() properly In walk_up_proc() we BUG_ON(ret) from btrfs_dec_ref(). This is incorrect, we have proper error handling here, return the error.

  • CVE-2024-46752Sep 18, 2024
    affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: replace BUG_ON() with error handling at update_ref_for_cow() Instead of a BUG_ON() just return an error, log an error message and abort the transaction in case we find an extent buffer belonging to the r

  • CVE-2024-46751Sep 18, 2024
    affected < 4.12.14-122.261.1fixed 4.12.14-122.261.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: don't BUG_ON() when 0 reference count at btrfs_lookup_extent_info() Instead of doing a BUG_ON() handle the error by returning -EUCLEAN, aborting the transaction and logging an error message.

  • CVE-2024-46739Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: uio_hv_generic: Fix kernel NULL pointer dereference in hv_uio_rescind For primary VM Bus channels, primary_channel pointer is always NULL. This pointer is valid only for the secondary channels. Also, rescind ca

  • CVE-2024-46738Sep 18, 2024
    affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1

    In the Linux kernel, the following vulnerability has been resolved: VMCI: Fix use-after-free when removing resource in vmci_resource_remove() When removing a resource from vmci_resource_table in vmci_resource_remove(), the search is performed using the resource handle by compar

Page 88 of 166