rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (4,709)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-46681 | Med | 5.5 | < 5.14.21-150500.55.88.1 | 5.14.21-150500.55.88.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_ea | |
| CVE-2024-46679 | Med | 4.7 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception | |
| CVE-2024-46678 | Med | 5.5 | < 5.14.21-150500.55.88.1 | 5.14.21-150500.55.88.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lo | |
| CVE-2024-46677 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it | |
| CVE-2024-46676 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_p | |
| CVE-2024-46675 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing S | |
| CVE-2024-46674 | Hig | 7.8 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops t | |
| CVE-2024-46673 | Hig | 7.8 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 13, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aa | |
| CVE-2024-45029 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping functi | |
| CVE-2024-45028 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the err | |
| CVE-2024-45026 | Hig | 7.8 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_fo | |
| CVE-2024-45025 | Med | 5.5 | < 5.14.21-150500.55.88.1 | 5.14.21-150500.55.88.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes. | |
| CVE-2024-45021 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane). | |
| CVE-2024-45020 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf | |
| CVE-2024-45019 | Med | 5.5 | < 5.14.21-150500.55.94.1 | 5.14.21-150500.55.94.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken. The referenced changed in the Fixes tag removed the lock to fix another issue. This patch adds i | |
| CVE-2024-45018 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload. | |
| CVE-2024-45016 | Med | 5.5 | < 5.14.21-150500.55.88.1 | 5.14.21-150500.55.88.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free. | |
| CVE-2024-45015 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by | |
| CVE-2024-45013 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but d | |
| CVE-2024-45011 | Med | 5.5 | < 5.14.21-150500.55.83.1 | 5.14.21-150500.55.83.1 | Sep 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices |
- affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1
In the Linux kernel, the following vulnerability has been resolved: pktgen: use cpus_read_lock() in pg_net_init() I have seen the WARN_ON(smp_processor_id() != cpu) firing in pktgen_thread_worker() during tests. We must use cpus_read_lock()/cpus_read_unlock() around the for_ea
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: ethtool: check device is present when getting link settings A sysfs reader can race with a device reset or removal, attempting to read device state when the device is not actually present. eg: [exception
- affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1
In the Linux kernel, the following vulnerability has been resolved: bonding: change ipsec_lock from spin lock to mutex In the cited commit, bond->ipsec_lock is added to protect ipsec_list, hence xdo_dev_state_add and xdo_dev_state_delete are called inside this lock. As ipsec_lo
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: gtp: fix a potential NULL pointer dereference When sockfd_lookup() fails, gtp_encap_enable_socket() returns a NULL pointer, but its callers only check for error pointers thus miss the NULL pointer case. Fix it
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: nfc: pn533: Add poll mod list filling check In case of im_protocols value is 1 and tm_protocols value is 0 this combination successfully passes the check 'if (!im_protocols && !tm_protocols)' in the nfc_start_p
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: core: Prevent USB core invalid event buffer address access This commit addresses an issue where the USB core could access an invalid event buffer address during runtime suspend, potentially causing S
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: usb: dwc3: st: fix probed platform device ref count on probe error path The probe function never performs any paltform device allocation, thus error path "undo_platform_dev_alloc" is entirely bogus. It drops t
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: scsi: aacraid: Fix double-free on probe failure aac_probe_one() calls hardware-specific init functions through the aac_driver_ident::init pointer, all of which eventually call down to aac_init_adapter(). If aa
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: i2c: tegra: Do not mark ACPI devices as irq safe On ACPI machines, the tegra i2c module encounters an issue due to a mutex being called inside a spinlock. This leads to the following bug: BUG: sleeping functi
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: mmc: mmc_test: Fix NULL dereference on allocation failure If the "test->highmem = alloc_pages()" allocation fails then calling __free_pages(test->highmem) will result in a NULL dereference. Also change the err
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error recovery leading to data corruption on ESE devices Extent Space Efficient (ESE) or thin provisioned volumes need to be formatted on demand during usual IO processing. The dasd_ese_needs_fo
- affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1
In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: memcg_write_event_control(): fix a user-triggerable oops we are *not* guaranteed that anything past the terminating NUL is mapped (let alone initialized with anything sane).
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix a kernel verifier crash in stacksafe() Daniel Hodges reported a kernel verifier crash when playing with sched-ext. Further investigation shows that the crash is due to invalid memory access in stacksaf
- affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Take state lock during tx timeout reporter mlx5e_safe_reopen_channels() requires the state lock taken. The referenced changed in the Fixes tag removed the lock to fix another issue. This patch adds i
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: initialise extack before use Fix missing initialisation of extack in flow offload.
- affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1
In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free.
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: move dpu_encoder's connector assignment to atomic_enable() For cases where the crtc's connectors_changed was set without enable/active getting toggled , there is an atomic_enable() call followed by
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: nvme: move stopping keep-alive into nvme_uninit_ctrl() Commit 4733b65d82bd ("nvme: start keep-alive after admin queue setup") moves starting keep-alive from nvme_start_ctrl() into nvme_init_ctrl_finish(), but d
- affected < 5.14.21-150500.55.83.1fixed 5.14.21-150500.55.83.1
In the Linux kernel, the following vulnerability has been resolved: char: xillybus: Check USB endpoints when probing device Ensure, as the driver probes the device, that all endpoints that the driver may attempt to access exist and are of the correct type. All XillyUSB devices
Page 134 of 236