rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 12 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2012%20SP5
Vulnerabilities (3,305)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42229 | — | < 4.12.14-122.237.1 | 4.12.14-122.237.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish t | ||
| CVE-2024-42228 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually | ||
| CVE-2024-42224 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_ent | ||
| CVE-2024-42223 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations. | ||
| CVE-2024-42162 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid acces | ||
| CVE-2024-42158 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_ | ||
| CVE-2024-42157 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails. | ||
| CVE-2024-42155 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copi | ||
| CVE-2024-42154 | — | < 4.12.14-122.231.1 | 4.12.14-122.231.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it | ||
| CVE-2024-42148 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equ | ||
| CVE-2024-42145 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra | ||
| CVE-2024-42131 | — | < 4.12.14-122.237.1 | 4.12.14-122.237.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits). | ||
| CVE-2024-42124 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. This results in BUG_ON() when running an RT kernel. [ 659.343280] BUG: using sm | ||
| CVE-2024-42120 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coverity. | ||
| CVE-2024-42119 | — | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Sk | ||
| CVE-2024-42110 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.5469 | ||
| CVE-2024-42106 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol. | ||
| CVE-2024-42101 | — | < 4.12.14-122.228.1 | 4.12.14-122.228.1 | Jul 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointe | ||
| CVE-2024-42096 | Med | 5.5 | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions b | |
| CVE-2024-42093 | Hig | 7.3 | < 4.12.14-122.225.1 | 4.12.14-122.225.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow. |
- CVE-2024-42229Jul 30, 2024affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1
In the Linux kernel, the following vulnerability has been resolved: crypto: aead,cipher - zeroize key buffer after use I.G 9.7.B for FIPS 140-3 specifies that variables temporarily holding cryptographic information should be zeroized once they are no longer needed. Accomplish t
- CVE-2024-42228Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Using uninitialized value *size when calling amdgpu_vce_cs_reloc Initialize the size before calling amdgpu_vce_cs_reloc, such as case 0x03000001. V2: To really improve the handling we would actually
- CVE-2024-42224Jul 30, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: net: dsa: mv88e6xxx: Correct check for empty list Since commit a3c53be55c95 ("net: dsa: mv88e6xxx: Support multiple MDIO busses") mv88e6xxx_default_mdio_bus() has checked that the return value of list_first_ent
- CVE-2024-42223Jul 30, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: tda10048: Fix integer overflow state->xtal_hz can be up to 16M, so it can overflow a 32 bit integer when multiplied by pll_mfactor. Create a new 64 bit variable to hold the calculations.
- CVE-2024-42162Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: gve: Account for stopped queues when reading NIC stats We now account for the fact that the NIC might send us stats for a subset of queues. Without this change, gve_get_ethtool_stats might make an invalid acces
- CVE-2024-42158Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Use kfree_sensitive() to fix Coccinelle warnings Replace memzero_explicit() and kfree() with kfree_sensitive() to fix warnings reported by Coccinelle: WARNING opportunity for kfree_sensitive/kvfree_
- CVE-2024-42157Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe sensitive data on failure Wipe sensitive data from stack also if the copy_to_user() fails.
- CVE-2024-42155Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: s390/pkey: Wipe copies of protected- and secure-keys Although the clear-key of neither protected- nor secure-keys is accessible, this key material should only be visible to the calling process. So wipe all copi
- CVE-2024-42154Jul 30, 2024affected < 4.12.14-122.231.1fixed 4.12.14-122.231.1
In the Linux kernel, the following vulnerability has been resolved: tcp_metrics: validate source addr length I don't see anything checking that TCP_METRICS_ATTR_SADDR_IPV4 is at least 4 bytes long, and the policy doesn't have an entry for this attribute at all (neither does it
- CVE-2024-42148Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: bnx2x: Fix multiple UBSAN array-index-out-of-bounds Fix UBSAN warnings that occur when using a system with 32 physical cpu cores or more, or when the user defines a number of Ethernet queues greater than or equ
- CVE-2024-42145Jul 30, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
- CVE-2024-42131Jul 30, 2024affected < 4.12.14-122.237.1fixed 4.12.14-122.237.1
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits).
- CVE-2024-42124Jul 30, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Make qedf_execute_tmf() non-preemptible Stop calling smp_processor_id() from preemptible code in qedf_execute_tmf90. This results in BUG_ON() when running an RT kernel. [ 659.343280] BUG: using sm
- CVE-2024-42120Jul 30, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Check pipe offset before setting vblank pipe_ctx has a size of MAX_PIPES so checking its index before accessing the array. This fixes an OVERRUN issue reported by Coverity.
- CVE-2024-42119Jul 30, 2024affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Skip finding free audio for unknown engine_id [WHY] ENGINE_ID_UNKNOWN = -1 and can not be used as an array index. Plus, it also means it is uninitialized and does not need free audio. [HOW] Sk
- CVE-2024-42110Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: net: ntb_netdev: Move ntb_netdev_rx_handler() to call netif_rx() from __netif_rx() The following is emitted when using idxd (DSA) dmanegine as the data mover for ntb_transport that ntb_netdev uses. [74412.5469
- CVE-2024-42106Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: inet_diag: Initialize pad field in struct inet_diag_req_v2 KMSAN reported uninit-value access in raw_lookup() [1]. Diag for raw sockets uses the pad field in struct inet_diag_req_v2 for the underlying protocol.
- CVE-2024-42101Jul 30, 2024affected < 4.12.14-122.228.1fixed 4.12.14-122.228.1
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau: fix null pointer dereference in nouveau_connector_get_modes In nouveau_connector_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointe
- affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: x86: stop playing stack games in profile_pc() The 'profile_pc()' function is used for timer-based profiling, which isn't really all that relevant any more to begin with, but it also ends up making assumptions b
- affected < 4.12.14-122.225.1fixed 4.12.14-122.225.1
In the Linux kernel, the following vulnerability has been resolved: net/dpaa2: Avoid explicit cpumask var allocation on stack For CONFIG_CPUMASK_OFFSTACK=y kernel, explicit allocation of cpumask variable on stack is not recommended since it can cause potential stack overflow.
Page 94 of 166