rpm package

suse/kernel-livepatch-MICRO-6-0-RT_Update_4&distro=SUSE Linux Micro 6.1

pkg:rpm/suse/kernel-livepatch-MICRO-6-0-RT_Update_4&distro=SUSE%20Linux%20Micro%206.1

Vulnerabilities (570)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-50004		—	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system h
CVE-2024-50003		—	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during t
CVE-2024-50001	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This cou
CVE-2024-49973	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated m
CVE-2024-49955	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook
CVE-2024-49952	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted b
CVE-2024-49949	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect mal
CVE-2024-49944	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever
CVE-2024-49938	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths.
CVE-2024-49930	Hig	7.8	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() functi
CVE-2024-49903	Hig	7.0	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits [syzbot reported] ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KA
CVE-2024-49902	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.
CVE-2024-49900	Hig	7.1	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_c
CVE-2024-49894	Hig	7.8	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index
CVE-2024-49892	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y & bytes_per_element_c are initialize
CVE-2024-49890	Med	5.5	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity.
CVE-2024-49884	Hig	7.8	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_ext
CVE-2024-49883	Hig	7.8	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF
CVE-2024-49882	Hig	7.8	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been released, otherwise it may be released twice. An example of what triggers this
CVE-2024-50002		—	< 1-1.1	1-1.1	Oct 21, 2024	In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. static_call_add_module() invokes __sta

CVE-2024-50004Oct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: update DML2 policy EnhancedPrefetchScheduleAccelerationFinal DCN35 [WHY & HOW] Mismatch in DCN35 DML2 cause bw validation failed to acquire unexpected DPP pipe to cause grey screen and system h
CVE-2024-50003Oct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix system hang while resume with TBT monitor [Why] Connected with a Thunderbolt monitor and do the suspend and the system may hang while resume. The TBT monitor HPD will be triggered during t
CVE-2024-50001MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fix error path in multi-packet WQE transmit Remove the erroneous unmap in case no DMA mapping was established The multi-packet WQE transmit code attempts to obtain a DMA mapping for the skb. This cou
CVE-2024-49973MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: r8169: add tally counter fields added with RTL8125 RTL8125 added fields to the tally counter, what may result in the chip dma'ing these new fields to unallocated memory. Therefore make sure that the allocated m
CVE-2024-49955MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ACPI: battery: Fix possible crash when unregistering a battery hook When a battery hook returns an error when adding a new battery, then the battery hook is automatically unregistered. However the battery hook
CVE-2024-49952MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: prevent nf_skb_duplicated corruption syzbot found that nf_dup_ipv4() or nf_dup_ipv6() could write per-cpu variable nf_skb_duplicated in an unsafe way [1]. Disabling preemption as hinted b
CVE-2024-49949MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: net: avoid potential underflow in qdisc_pkt_len_init() with UFO After commit 7c6d2ecbda83 ("net: be more gentle about silly gso requests coming from user") virtio_net_hdr_to_skb() had sanity check to detect mal
CVE-2024-49944MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: sctp: set sk_state back to CLOSED if autobind fails in sctp_listen_start In sctp_listen_start() invoked by sctp_inet_listen(), it should set the sk_state back to CLOSED if sctp_autobind() fails due to whatever
CVE-2024-49938MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k_htc: Use __skb_set_length() for resetting urb before resubmit Syzbot points out that skb_trim() has a sanity check on the existing length of the skb, which can be uninitialised in some error paths.
CVE-2024-49930HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix array out-of-bound access in SoC stats Currently, the ath11k_soc_dp_stats::hal_reo_error array is defined with a maximum size of DP_REO_DST_RING_MAX. However, the ath11k_dp_process_rx() functi
CVE-2024-49903HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uaf in dbFreeBits [syzbot reported] ================================================================== BUG: KASAN: slab-use-after-free in __mutex_lock_common kernel/locking/mutex.c:587 [inline] BUG: KA
CVE-2024-49902MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: jfs: check if leafidx greater than num leaves per dmap tree syzbot report a out of bounds in dbSplit, it because dmt_leafidx greater than num leaves per dmap tree, add a checking for dmt_leafidx in dbFindLeaf.
CVE-2024-49900HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: jfs: Fix uninit-value access of new_ea in ea_buffer syzbot reports that lzo1x_1_do_compress is using uninit-value: ===================================================== BUG: KMSAN: uninit-value in lzo1x_1_do_c
CVE-2024-49894HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index
CVE-2024-49892MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Initialize get_bytes_per_element's default to 1 Variables, used as denominators and maybe not assigned to other values, should not be 0. bytes_per_element_y & bytes_per_element_c are initialize
CVE-2024-49890MedOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: ensure the fw_info is not null before using it This resolves the dereference null return value warning reported by Coverity.
CVE-2024-49884HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix slab-use-after-free in ext4_split_extent_at() We hit the following use-after-free: ================================================================== BUG: KASAN: slab-use-after-free in ext4_split_ext
CVE-2024-49883HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: aovid use-after-free in ext4_ext_insert_extent() As Ojaswin mentioned in Link, in ext4_ext_insert_extent(), if the path is reallocated in ext4_ext_create_new_leaf(), we'll use the stale path and cause UAF
CVE-2024-49882HigOct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ext4: fix double brelse() the buffer of the extents path In ext4_ext_try_to_merge_up(), set path[1].p_bh to NULL after it has been released, otherwise it may be released twice. An example of what triggers this
CVE-2024-50002Oct 21, 2024
affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: static_call: Handle module init failure correctly in static_call_del_module() Module insertion invokes static_call_add_module() to initialize the static calls in a module. static_call_add_module() invokes __sta

Page 15 of 29