rpm package
suse/kernel-default&distro=SUSE Linux Enterprise Workstation Extension 15 SP6
pkg:rpm/suse/kernel-default&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP6
Vulnerabilities (3,752)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52635 | Med | 5.5 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from | |
| CVE-2023-52631 | Med | 5.5 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32b | |
| CVE-2024-26654 | Hig | 7.0 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Apr 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is | |
| CVE-2023-52622 | Med | 5.5 | < 6.4.0-150600.23.14.2 | 6.4.0-150600.23.14.2 | Mar 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir re | |
| CVE-2024-26643 | Med | 5.5 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it | |
| CVE-2024-26642 | Med | 5.5 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. | |
| CVE-2024-26641 | Med | 5.5 | < 6.4.0-150600.23.17.1 | 6.4.0-150600.23.17.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this cal | |
| CVE-2024-26640 | Med | 5.5 | < 6.4.0-150600.23.25.1 | 6.4.0-150600.23.25.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu | |
| CVE-2024-26638 | Med | 4.4 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero | |
| CVE-2024-26637 | Med | 5.5 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing a ath11k to crash when it tried to delete the entries later. Fix this by relying on m | |
| CVE-2024-26636 | Med | 5.5 | < 6.4.0-150600.23.17.1 | 6.4.0-150600.23.17.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Lik | |
| CVE-2024-26635 | Med | 5.5 | < 6.4.0-150600.23.17.1 | 6.4.0-150600.23.17.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the b | |
| CVE-2024-26634 | Med | 5.5 | < 6.4.0-150600.23.47.2 | 6.4.0-150600.23.47.2 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunde | |
| CVE-2024-26633 | Med | 5.5 | < 6.4.0-150600.23.17.1 | 6.4.0-150600.23.17.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea | |
| CVE-2024-26632 | Med | 5.5 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of th | |
| CVE-2024-26631 | Med | 4.7 | < 6.4.0-150600.23.22.1 | 6.4.0-150600.23.22.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_wo | |
| CVE-2023-52618 | Med | 5.3 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it w | |
| CVE-2023-52616 | Med | 5.5 | < 6.4.0-150600.23.7.3 | 6.4.0-150600.23.7.3 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was releas | |
| CVE-2023-52610 | Med | 5.5 | < 6.4.0-150600.23.25.1 | 6.4.0-150600.23.25.1 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w | |
| CVE-2024-26615 | Med | 5.5 | < 6.4.0-150600.23.17.1 | 6.4.0-150600.23.17.1 | Mar 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1 |
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Fix an NULL dereference bug The issue here is when this is called from ntfs_load_attr_list(). The "size" comes from le32_to_cpu(attr->res.data_size) so it can't overflow on a 64bit systems but on 32b
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: ALSA: sh: aica: reorder cleanup operations to avoid UAF bugs The dreamcastcard->timer could schedule the spu_dma_work and the spu_dma_work could also arm the dreamcastcard->timer. When the snd_pcm_substream is
- affected < 6.4.0-150600.23.14.2fixed 6.4.0-150600.23.14.2
In the Linux kernel, the following vulnerability has been resolved: ext4: avoid online resizing failures due to oversized flex bg When we online resize an ext4 filesystem with a oversized flexbg_size, mkfs.ext4 -F -G 67108864 $dev -b 4096 100M mount $dev $dir re
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: mark set as dead when unbinding anonymous set with timeout While the rhashtable set gc runs asynchronously, a race allows it to collect elements from anonymous sets with timeouts while it
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
- affected < 6.4.0-150600.23.17.1fixed 6.4.0-150600.23.17.1
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: make sure to pull inner header in __ip6_tnl_rcv() syzbot found __ip6_tnl_rcv() could access unitiliazed data [1]. Call pskb_inet_may_pull() to fix this, and initialize ipv6h variable after this cal
- affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1
In the Linux kernel, the following vulnerability has been resolved: tcp: add sanity checks to rx zerocopy TCP rx zerocopy intent is to map pages initially allocated from NIC drivers, not pages owned by a fs. This patch adds to can_map_frag() these additional checks: - Page mu
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: nbd: always initialize struct msghdr completely syzbot complains that msg->msg_get_inq value can be uninitialized [1] struct msghdr got many new fields recently, we should always make sure their values is zero
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: rely on mac80211 debugfs handling for vif mac80211 started to delete debugfs entries in certain cases, causing a ath11k to crash when it tried to delete the entries later. Fix this by relying on m
- affected < 6.4.0-150600.23.17.1fixed 6.4.0-150600.23.17.1
In the Linux kernel, the following vulnerability has been resolved: llc: make llc_ui_sendmsg() more robust against bonding changes syzbot was able to trick llc_ui_sendmsg(), allocating an skb with no headroom, but subsequently trying to push 14 bytes of Ethernet header [1] Lik
- affected < 6.4.0-150600.23.17.1fixed 6.4.0-150600.23.17.1
In the Linux kernel, the following vulnerability has been resolved: llc: Drop support for ETH_P_TR_802_2. syzbot reported an uninit-value bug below. [0] llc supports ETH_P_802_2 (0x0004) and used to support ETH_P_TR_802_2 (0x0011), and syzbot abused the latter to trigger the b
- affected < 6.4.0-150600.23.47.2fixed 6.4.0-150600.23.47.2
In the Linux kernel, the following vulnerability has been resolved: net: fix removing a namespace with conflicting altnames Mark reports a BUG() when a net namespace is removed. kernel BUG at net/core/dev.c:11520! Physical interfaces moved outside of init_net get "refunde
- affected < 6.4.0-150600.23.17.1fixed 6.4.0-150600.23.17.1
In the Linux kernel, the following vulnerability has been resolved: ip6_tunnel: fix NEXTHDR_FRAGMENT handling in ip6_tnl_parse_tlv_enc_lim() syzbot pointed out [1] that NEXTHDR_FRAGMENT handling is broken. Reading frag_off can only be done if we pulled enough bytes to skb->hea
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: block: Fix iterating over an empty bio with bio_for_each_folio_all If the bio contains no data, bio_first_folio() calls page_folio() on a NULL pointer and oopses. Move the test that we've reached the end of th
- affected < 6.4.0-150600.23.22.1fixed 6.4.0-150600.23.22.1
In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_wo
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: block/rnbd-srv: Check for unlikely string overflow Since "dev_search_path" can technically be as large as PATH_MAX, there was a risk of truncation when copying it and a second string into "full_path" since it w
- affected < 6.4.0-150600.23.7.3fixed 6.4.0-150600.23.7.3
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was releas
- affected < 6.4.0-150600.23.25.1fixed 6.4.0-150600.23.25.1
In the Linux kernel, the following vulnerability has been resolved: net/sched: act_ct: fix skb leak and crash on ooo frags act_ct adds skb->users before defragmentation. If frags arrive in order, the last frag's reference is reset in: inet_frag_reasm_prepare skb_morph w
- affected < 6.4.0-150600.23.17.1fixed 6.4.0-150600.23.17.1
In the Linux kernel, the following vulnerability has been resolved: net/smc: fix illegal rmb_desc access in SMC-D connection dump A crash was found when dumping SMC-D connections. It can be reproduced by following steps: - run nginx/wrk test: smc_run nginx smc_run wrk -t 1
Page 186 of 188