rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (2,888)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2022-48776 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak. | |
| CVE-2022-48775 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, ko | |
| CVE-2022-48774 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: Fix the error handling path in pt_core_init() In order to free resources correctly in the error handling path of pt_core_init(), 2 goto's have to be switched. Otherwise, some resources will le | |
| CVE-2022-48773 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointers with the error value, otherwise `rpcrdma_ep_destroy` gets confused and tries f | |
| CVE-2021-47624 | Hig | 7.1 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove", | |
| CVE-2021-47622 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host | |
| CVE-2023-52886 | Med | 6.4 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 16, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 dr | |
| CVE-2023-52885 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 14, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed lis | |
| CVE-2024-40994 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this. | |
| CVE-2024-40989 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu. | |
| CVE-2024-40956 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed | |
| CVE-2024-40954 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_ | |
| CVE-2024-40937 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags | |
| CVE-2024-40910 | Med | 5.5 | < 5.14.21-150400.24.133.2 | 5.14.21-150400.24.133.2 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device. However, the execution path for accep | |
| CVE-2024-40902 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than t | |
| CVE-2024-39494 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jul 12, 2024 | In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its paren | |
| CVE-2023-52340 | Hig | 7.5 | < 5.14.21-150400.24.111.2 | 5.14.21-150400.24.111.2 | Jul 5, 2024 | The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket. | |
| CVE-2024-39463 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jun 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: add | |
| CVE-2022-48771 | Hig | 7.8 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use | |
| CVE-2022-48769 | Med | 5.5 | < 5.14.21-150400.24.128.1 | 5.14.21-150400.24.128.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a ca |
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: mtd: parsers: qcom: Fix missing free for pparts in cleanup Mtdpart doesn't free pparts when a cleanup function is declared. Add missing free for pparts in cleanup function for smem to fix the leak.
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Fix memory leak in vmbus_add_channel_kobj kobject_init_and_add() takes reference even when it fails. According to the doc of kobject_init_and_add(): If this function returns an error, ko
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: ptdma: Fix the error handling path in pt_core_init() In order to free resources correctly in the error handling path of pt_core_init(), 2 goto's have to be switched. Otherwise, some resources will le
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: xprtrdma: fix pointer derefs in error cases of rpcrdma_ep_create If there are failures then we must not leave the non-NULL pointers with the error value, otherwise `rpcrdma_ep_destroy` gets confused and tries f
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: net/sunrpc: fix reference count leaks in rpc_sysfs_xprt_state_change The refcount leak issues take place in an error handling path. When the 3rd argument buf doesn't match with "offline", "online" or "remove",
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: scsi: ufs: Fix a deadlock in the error handler The following deadlock has been observed on a test setup: - All tags allocated - The SCSI error handler calls ufshcd_eh_host_reset_handler() - ufshcd_eh_host
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix race by not overwriting udev->descriptor in hub_port_init() Syzbot reported an out-of-bounds read in sysfs.c:read_descriptors(): BUG: KASAN: slab-out-of-bounds in read_descriptors+0x263/0x280 dr
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix UAF in svc_tcp_listen_data_ready() After the listener svc_sock is freed, and before invoking svc_tcp_accept() for the established child sock, there is a window that the newsock retaining a freed lis
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: ptp: fix integer overflow in max_vclocks_store On 32bit systems, the "4 * max" multiply can overflow. Use kcalloc() to do the allocation to prevent this.
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Disassociate vcpus from redistributor region on teardown When tearing down a redistributor region, make sure we don't have any dangling pointer to that region stored in a vcpu.
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: dmaengine: idxd: Fix possible Use-After-Free in irq_process_work_list Use list_for_each_entry_safe() to allow iterating through the list and deleting the entry in the iteration process. The descriptor is freed
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: net: do not leave a dangling sk pointer, when socket creation fails It is possible to trigger a use-after-free by: * attaching an fentry probe to __sock_release() and the probe calling the bpf_get_socket_
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: gve: Clear napi->skb before dev_kfree_skb_any() gve_rx_free_skb incorrectly leaves napi->skb referencing an skb after it is freed with dev_kfree_skb_any(). This can result in a subsequent call to napi_get_frags
- affected < 5.14.21-150400.24.133.2fixed 5.14.21-150400.24.133.2
In the Linux kernel, the following vulnerability has been resolved: ax25: Fix refcount imbalance on inbound connections When releasing a socket in ax25_release(), we call netdev_put() to decrease the refcount on the associated ax.25 device. However, the execution path for accep
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: jfs: xattr: fix buffer overflow for invalid xattr When an xattr size is not what is expected, it is printed out to the kernel log in hex format as a form of debugging. But when that xattr size is bigger than t
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: ima: Fix use-after-free on a dentry's dname.name ->d_name.name can change on rename and the earlier value can be freed; there are conditions sufficient to stabilize it (->d_lock on dentry, ->d_lock on its paren
- affected < 5.14.21-150400.24.111.2fixed 5.14.21-150400.24.111.2
The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: 9p: add missing locking around taking dentry fid list Fix a use-after-free on dentry's d_fsdata fid list when a thread looks up a fid through dentry while another thread unlinks it: UAF thread: refcount_t: add
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use
- affected < 5.14.21-150400.24.128.1fixed 5.14.21-150400.24.128.1
In the Linux kernel, the following vulnerability has been resolved: efi: runtime: avoid EFIv2 runtime services on Apple x86 machines Aditya reports [0] that his recent MacbookPro crashes in the firmware when using the variable services at runtime. The culprit appears to be a ca
Page 96 of 145