suse/kernel-default-base&distro=SUSE Linux Enterprise Micro 5.5

Vulnerabilities (4,617)

• CVE-2024-26687Apr 3, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being t

• CVE-2024-26685Apr 3, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async

• CVE-2023-52639Apr 3, 2024
  affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

  In the Linux kernel, the following vulnerability has been resolved: KVM: s390: vsie: fix race during shadow creation Right now it is possible to see gmap->private being zero in kvm_s390_vsie_gmap_notifier resulting in a crash. This is due to the fact that we add gmap->private

• CVE-2023-52637Apr 3, 2024
  affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

  In the Linux kernel, the following vulnerability has been resolved: can: j1939: Fix UAF in j1939_sk_match_filter during setsockopt(SO_J1939_FILTER) Lock jsk->sk to prevent UAF when setsockopt(..., SO_J1939_FILTER, ...) modifies jsk->filters while receiving packets. Following t

• CVE-2024-26659MedApr 2, 2024
  affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

  In the Linux kernel, the following vulnerability has been resolved: xhci: handle isoc Babble and Buffer Overrun events properly xHCI 4.9 explicitly forbids assuming that the xHC has released its ownership of a multi-TRB TD when it reports an error on one of the early TRBs. Yet

• CVE-2024-26684Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC core") checks and reports safety errors, but leaves the Data Path Pari

• CVE-2024-26681Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jif

• CVE-2024-26680Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and u

• CVE-2024-26679Apr 2, 2024
  affected < 5.14.21-150500.55.68.1.150500.6.31.1fixed 5.14.21-150500.55.68.1.150500.6.31.1

  In the Linux kernel, the following vulnerability has been resolved: inet: read sk->sk_family once in inet_recv_error() inet_recv_error() is called without holding the socket lock. IPv6 socket could mutate to IPv4 with IPV6_ADDRFORM socket option and trigger a KCSAN warning.

• CVE-2024-26677Apr 2, 2024
  affected < 5.14.21-150500.55.80.2.150500.6.35.6fixed 5.14.21-150500.55.80.2.150500.6.35.6

  In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.

• CVE-2024-26675Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop

• CVE-2023-52636Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes a

• CVE-2024-26673Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a

• CVE-2024-26671Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_

• CVE-2023-52635Apr 2, 2024
  affected < 5.14.21-150500.55.62.2.150500.6.27.2fixed 5.14.21-150500.55.62.2.150500.6.27.2

  In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from

• CVE-2023-52632Apr 2, 2024
  affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

  In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix lock dependency warning with srcu ====================================================== WARNING: possible circular locking dependency detected 6.5.0-kfd-yangp #2289 Not tainted ----------------

• CVE-2024-26670Apr 2, 2024
  affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

  In the Linux kernel, the following vulnerability has been resolved: arm64: entry: fix ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD Currently the ARM64_WORKAROUND_SPECULATIVE_UNPRIV_LOAD workaround isn't quite right, as it is supposed to be applied after the last explicit memory acc

• CVE-2024-26669Apr 2, 2024
  affected < 5.14.21-150500.55.80.2.150500.6.35.6fixed 5.14.21-150500.55.80.2.150500.6.35.6

  In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the '

• CVE-2024-26668Apr 2, 2024
  affected < 5.14.21-150500.55.80.2.150500.6.35.6fixed 5.14.21-150500.55.80.2.150500.6.35.6

  In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its be

• CVE-2024-26667Apr 2, 2024
  affected < 5.14.21-150500.55.59.1.150500.6.25.7fixed 5.14.21-150500.55.59.1.150500.6.25.7

  In the Linux kernel, the following vulnerability has been resolved: drm/msm/dpu: check for valid hw_pp in dpu_encoder_helper_phys_cleanup The commit 8b45a26f2ba9 ("drm/msm/dpu: reserve cdm blocks for writeback in case of YUV output") introduced a smatch warning about another co