rpm package

suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.5

pkg:rpm/suse/kernel-default-base&distro=SUSE%20Linux%20Enterprise%20Micro%205.5

Vulnerabilities (4,617)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-38615	Med	5.5	< 5.14.21-150500.55.88.1.150500.6.39.4	5.14.21-150500.55.88.1.150500.6.39.4	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't pre
CVE-2024-38599	Hig	7.1	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the x
CVE-2024-38598	Med	5.5	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU
CVE-2024-38596	Med	4.7	< 5.14.21-150500.55.83.1.150500.6.37.1	5.14.21-150500.55.83.1.150500.6.37.1	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdo
CVE-2024-38589	Med	5.5	< 5.14.21-150500.55.88.1.150500.6.39.4	5.14.21-150500.55.88.1.150500.6.39.4	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node) [1] WARNING: po
CVE-2024-38587	Med	5.3	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got o
CVE-2024-38579	Med	5.5	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key
CVE-2024-38578	Hig	7.8	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for t
CVE-2024-38567	Med	5.5	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a sp
CVE-2024-38565	Med	5.5	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper e
CVE-2024-38560	Hig	7.1	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that
CVE-2024-38559	Med	4.4	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t
CVE-2024-38558	Med	5.5	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary pack
CVE-2024-38552	Hig	7.8	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the num
CVE-2024-38547	Med	5.5	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binar
CVE-2024-38618		—	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a si
CVE-2024-38616		—	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: re-fix fortified-memset warning The carl9170_tx_release() function sometimes triggers a fortified-memset warning in my randconfig builds: In file included from include/linux/string.h:254,
CVE-2024-38608		—	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETRE
CVE-2024-38605		—	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and
CVE-2024-38603		—	< 5.14.21-150500.55.73.1.150500.6.33.8	5.14.21-150500.55.73.1.150500.6.33.8	Jun 19, 2024	In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak. Repla

CVE-2024-38615MedJun 19, 2024
affected < 5.14.21-150500.55.88.1.150500.6.39.4fixed 5.14.21-150500.55.88.1.150500.6.39.4
In the Linux kernel, the following vulnerability has been resolved: cpufreq: exit() callback is optional The exit() callback is optional and shouldn't be called without checking a valid pointer first. Also, we must clear freq_table pointer even if the exit() callback isn't pre
CVE-2024-38599HigJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: jffs2: prevent xattr node from overflowing the eraseblock Add a check to make sure that the requested xattr node size is no larger than the eraseblock minus the cleanmarker. Unlike the usual inode nodes, the x
CVE-2024-38598MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: md: fix resync softlockup when bitmap size is less than array size Is is reported that for dm-raid10, lvextend + lvchange --syncaction will trigger following softlockup: kernel:watchdog: BUG: soft lockup - CPU
CVE-2024-38596MedJun 19, 2024
affected < 5.14.21-150500.55.83.1.150500.6.37.1fixed 5.14.21-150500.55.83.1.150500.6.37.1
In the Linux kernel, the following vulnerability has been resolved: af_unix: Fix data races in unix_release_sock/unix_stream_sendmsg A data-race condition has been identified in af_unix. In one data path, the write function unix_release_sock() atomically writes to sk->sk_shutdo
CVE-2024-38589MedJun 19, 2024
affected < 5.14.21-150500.55.88.1.150500.6.39.4fixed 5.14.21-150500.55.88.1.150500.6.39.4
In the Linux kernel, the following vulnerability has been resolved: netrom: fix possible dead-lock in nr_rt_ioctl() syzbot loves netrom, and found a possible deadlock in nr_rt_ioctl [1] Make sure we always acquire nr_node_list_lock before nr_node_lock(nr_node) [1] WARNING: po
CVE-2024-38587MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: speakup: Fix sizeof() vs ARRAY_SIZE() bug The "buf" pointer is an array of u16 values. This code should be using ARRAY_SIZE() (which is 256) instead of sizeof() (which is 512), otherwise it can the still got o
CVE-2024-38579MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: crypto: bcm - Fix pointer arithmetic In spu2_dump_omd() value of ptr is increased by ciph_key_len instead of hash_iv_len which could lead to going beyond the buffer boundaries. Fix this bug by changing ciph_key
CVE-2024-38578HigJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: ecryptfs: Fix buffer size for tag 66 packet The 'TAG 66 Packet Format' description is missing the cipher code and checksum fields that are packed into the message packet. As a result, the buffer allocated for t
CVE-2024-38567MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: add a proper sanity check for endpoints Syzkaller reports [1] hitting a warning which is caused by presence of a wrong endpoint type at the URB sumbitting stage. While there was a check for a sp
CVE-2024-38565MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: wifi: ar5523: enable proper endpoint verification Syzkaller reports [1] hitting a warning about an endpoint in use not having an expected type to it. Fix the issue by checking for the existence of all proper e
CVE-2024-38560HigJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that
CVE-2024-38559MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t
CVE-2024-38558MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: net: openvswitch: fix overwriting ct original tuple for ICMPv6 OVS_PACKET_CMD_EXECUTE has 3 main attributes: - OVS_PACKET_ATTR_KEY - Packet metadata in a netlink format. - OVS_PACKET_ATTR_PACKET - Binary pack
CVE-2024-38552HigJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix potential index out of bounds in color transformation function Fixes index out of bounds issue in the color transformation function. The issue could occur when the index 'i' exceeds the num
CVE-2024-38547MedJun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: media: atomisp: ssh_css: Fix a null-pointer dereference in load_video_binaries The allocation failure of mycs->yuv_scaler_binary in load_video_binaries() is followed with a dereference of mycs->yuv_scaler_binar
CVE-2024-38618Jun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: ALSA: timer: Set lower bound of start tick time Currently ALSA timer doesn't have the lower limit of the start tick time, and it allows a very small size, e.g. 1 tick with 1ns resolution for hrtimer. Such a si
CVE-2024-38616Jun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: wifi: carl9170: re-fix fortified-memset warning The carl9170_tx_release() function sometimes triggers a fortified-memset warning in my randconfig builds: In file included from include/linux/string.h:254,
CVE-2024-38608Jun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix netif state handling mlx5e_suspend cleans resources only if netif_device_present() returns true. However, mlx5e_resume changes the state of netif, via mlx5e_nic_enable, only if reg_state == NETRE
CVE-2024-38605Jun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: ALSA: core: Fix NULL module pointer assignment at card init The commit 81033c6b584b ("ALSA: core: Warn on empty module") introduced a WARN_ON() for a NULL module pointer passed at snd_card object creation, and
CVE-2024-38603Jun 19, 2024
affected < 5.14.21-150500.55.73.1.150500.6.33.8fixed 5.14.21-150500.55.73.1.150500.6.33.8
In the Linux kernel, the following vulnerability has been resolved: drivers/perf: hisi: hns3: Actually use devm_add_action_or_reset() pci_alloc_irq_vectors() allocates an irq vector. When devm_add_action() fails, the irq vector is not freed, which leads to a memory leak. Repla

Page 166 of 231