VYPR

rpm package

suse/kernel-default&distro=SUSE Linux Enterprise Micro 5.5

pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Vulnerabilities (4,617)

  • CVE-2024-50279Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: dm cache: fix out-of-bounds access to the dirty bitset when resizing dm-cache checks the dirty bits of the cache blocks to be dropped when shrinking the fast device, but an index bug in bitset iteration causes

  • CVE-2024-50278Nov 19, 2024
    affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

    In the Linux kernel, the following vulnerability has been resolved: dm cache: fix potential out-of-bounds access on the first resume Out-of-bounds access occurs if the fast device is expanded unexpectedly before the first-time resume of the cache table. This happens because exp

  • CVE-2024-50275Nov 19, 2024
    affected < 5.14.21-150500.55.94.1fixed 5.14.21-150500.55.94.1

    In the Linux kernel, the following vulnerability has been resolved: arm64/sve: Discard stale CPU state when handling SVE traps The logic for handling SVE traps manipulates saved FPSIMD/SVE state incorrectly, and a race with preemption can result in a task having TIF_SVE set and

  • CVE-2024-50274Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: idpf: avoid vport access in idpf_get_link_ksettings When the device control plane is removed or the platform running device control plane is rebooted, a reset is detected on the driver. On driver reset, it rele

  • CVE-2024-50273Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: reinitialize delayed ref list after deleting it from the list At insert_delayed_ref() if we need to update the action of an existing ref to BTRFS_DROP_DELAYED_REF, we delete the ref from its ref head's r

  • CVE-2024-50271Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: signal: restore the override_rlimit logic Prior to commit d64696905554 ("Reimplement RLIMIT_SIGPENDING on top of ucounts") UCOUNT_RLIMIT_SIGPENDING rlimit was not enforced for a class of signals. However now i

  • CVE-2024-50269Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: usb: musb: sunxi: Fix accessing an released usb phy Commit 6ed05c68cbca ("usb: musb: sunxi: Explicitly release USB PHY on exit") will cause that usb phy @glue->xceiv is accessed after released. 1) register pla

  • CVE-2024-50268Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: usb: typec: fix potential out of bounds in ucsi_ccg_update_set_new_cam_cmd() The "*cmd" variable can be controlled by the user via debugfs. That means "new_cam" can be as high as 255 while the size of the uc->

  • CVE-2024-50267Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: USB: serial: io_edgeport: fix use after free in debug printk The "dev_dbg(&urb->dev->dev, ..." which happens after usb_free_urb(urb) is a use after free of the "urb" pointer. Store the "dev" pointer at the sta

  • CVE-2024-50265Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: ocfs2: remove entry once instead of null-ptr-dereference in ocfs2_xa_remove() Syzkaller is able to provoke null-ptr-dereference in ocfs2_xa_remove(): [ 57.319872] (a.out,1161,7):ocfs2_xa_remove:2028 ERROR: s

  • CVE-2024-50264Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. T

  • CVE-2023-52921Nov 19, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix possible UAF in amdgpu_cs_pass1() Since the gang_size check is outside of chunk parsing loop, we need to reset i before we free the chunk data. Suggested by Ye Zhang (@VAR10CK) of Baidu Securit

  • CVE-2023-4134Nov 14, 2024
    affected < 5.14.21-150500.55.28.1fixed 5.14.21-150500.55.28.1

    A use-after-free vulnerability was found in the cyttsp4_core driver in the Linux kernel. This issue occurs in the device cleanup routine due to a possible rearming of the watchdog_timer from the workqueue. This could allow a local user to crash the system, causing a denial of ser

  • CVE-2024-50262HigNov 9, 2024
    affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Fix out-of-bounds write in trie_get_next_key() trie_get_next_key() allocates a node stack with size trie->max_prefixlen, while it writes (trie->max_prefixlen + 1) nodes to the stack when it has full paths

  • CVE-2024-50261Nov 9, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: macsec: Fix use-after-free while sending the offloading packet KASAN reports the following UAF. The metadata_dst, which is used to store the SCI value for macsec offload, is already freed by metadata_dst_free()

  • CVE-2024-50259Nov 9, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: netdevsim: Add trailing zero to terminate the string in nsim_nexthop_bucket_activity_write() This was found by a static analyzer. We should not forget the trailing zero after copy_from_user() if we will further

  • CVE-2024-50256Nov 9, 2024
    affected < 5.14.21-150500.55.91.1fixed 5.14.21-150500.55.91.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix potential crash in nf_send_reset6() I got a syzbot report without a repro [1] crashing in nf_send_reset6() I think the issue is that dev->hard_header_len is zero, and we attempt

  • CVE-2024-50255Nov 9, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs Fix __hci_cmd_sync_sk() to return not NULL for unknown opcodes. __hci_cmd_sync_sk() returns NULL if a command returns a status event. However, it

  • CVE-2024-50249Nov 9, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: ACPI: CPPC: Make rmw_lock a raw_spin_lock The following BUG was triggered: ============================= [ BUG: Invalid wait context ] 6.12.0-rc2-XXX #406 Not tainted ----------------------------- kworker/1:1/

  • CVE-2024-50237Nov 9, 2024
    affected < 5.14.21-150500.55.88.1fixed 5.14.21-150500.55.88.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: do not pass a stopped vif to the driver in .get_txpower Avoid potentially crashing in the driver because of uninitialized private data

Page 112 of 231