rpm package
suse/kernel-livepatch-MICRO-6-0_Update_2&distro=SUSE Linux Micro 6.0
pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_2&distro=SUSE%20Linux%20Micro%206.0
Vulnerabilities (459)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-42322 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression | ||
| CVE-2024-42320 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocation fails. However, two callsites in dasd_copy_pair_store() do not check the result, potenti | ||
| CVE-2024-42319 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei bel | ||
| CVE-2024-42318 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PAREN | ||
| CVE-2024-42316 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/mglru: fix div-by-zero in vmpressure_calc_level() evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rot | ||
| CVE-2024-42315 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is all | ||
| CVE-2024-42314 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting | ||
| CVE-2024-42313 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part | ||
| CVE-2024-42311 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ================================== | ||
| CVE-2024-42310 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on | ||
| CVE-2024-42309 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer deref | ||
| CVE-2024-42303 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case of error. | ||
| CVE-2024-42301 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below i | ||
| CVE-2024-42298 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value. | ||
| CVE-2024-42295 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to | ||
| CVE-2024-42291 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust | ||
| CVE-2024-42290 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling inv | ||
| CVE-2024-42289 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale | ||
| CVE-2024-42288 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB | ||
| CVE-2024-42287 | — | < 1-1.1 | 1-1.1 | Aug 17, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kerne |
- CVE-2024-42322Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ipvs: properly dereference pe in ip_vs_add_service Use pe directly to resolve sparse warning: net/netfilter/ipvs/ip_vs_ctl.c:1471:27: warning: dereference of noderef expression
- CVE-2024-42320Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix error checks in dasd_copy_pair_store() dasd_add_busid() can return an error via ERR_PTR() if an allocation fails. However, two callsites in dasd_copy_pair_store() do not check the result, potenti
- CVE-2024-42319Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: mailbox: mtk-cmdq: Move devm_mbox_controller_register() after devm_pm_runtime_enable() When mtk-cmdq unbinds, a WARN_ON message with condition pm_runtime_get_sync() < 0 occurs. According to the call tracei bel
- CVE-2024-42318Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: landlock: Don't lose track of restrictions on cred_transfer When a process' cred struct is replaced, this _almost_ always invokes the cred_prepare LSM hook; but in one special case (when KEYCTL_SESSION_TO_PAREN
- CVE-2024-42316Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: mm/mglru: fix div-by-zero in vmpressure_calc_level() evict_folios() uses a second pass to reclaim folios that have gone through page writeback and become clean before it finishes the first pass, since folio_rot
- CVE-2024-42315Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: exfat: fix potential deadlock on __exfat_get_dentry_set When accessing a file with more entries than ES_MAX_ENTRY_NUM, the bh-array is allocated in __exfat_get_entry_set. The problem is that the bh-array is all
- CVE-2024-42314Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix extent map use-after-free when adding pages to compressed bio At add_ra_bio_pages() we are accessing the extent map to calculate 'add_size' after we dropped our reference on the extent map, resulting
- CVE-2024-42313Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: media: venus: fix use after free in vdec_close There appears to be a possible use after free with vdec_close(). The firmware will add buffer release work to the work queue through HFI callbacks as a normal part
- CVE-2024-42311Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: hfs: fix to initialize fields of hfs_inode_info after hfs_alloc_inode() Syzbot reports uninitialized value access issue as below: loop0: detected capacity change from 0 to 64 ==================================
- CVE-2024-42310Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in cdv_intel_lvds_get_modes In cdv_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a NULL pointer dereference on
- CVE-2024-42309Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: drm/gma500: fix null pointer dereference in psb_intel_lvds_get_modes In psb_intel_lvds_get_modes(), the return value of drm_mode_duplicate() is assigned to mode, which will lead to a possible NULL pointer deref
- CVE-2024-42303Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: media: imx-pxp: Fix ERR_PTR dereference in pxp_probe() devm_regmap_init_mmio() can fail, add a check and bail out in case of error.
- CVE-2024-42301Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: dev/parport: fix the array out-of-bounds risk Fixed array out-of-bounds issues caused by sprintf by replacing it with snprintf for safer data copying, ensuring the destination buffer is not overflowed. Below i
- CVE-2024-42298Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ASoC: fsl: fsl_qmc_audio: Check devm_kasprintf() returned value devm_kasprintf() can return a NULL pointer on failure but this returned value is not checked. Fix this lack and check the returned value.
- CVE-2024-42295Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: nilfs2: handle inconsistent state in nilfs_btnode_create_block() Syzbot reported that a buffer state inconsistency was detected in nilfs_btnode_create_block(), triggering a kernel bug. It is not appropriate to
- CVE-2024-42291Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: ice: Add a per-VF limit on number of FDIR filters While the iavf driver adds a s/w limit (128) on the number of FDIR filters that the VF can request, a malicious VF driver can request more than that and exhaust
- CVE-2024-42290Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: irqchip/imx-irqsteer: Handle runtime power management correctly The power domain is automatically activated from clk_prepare(). However, on certain platforms like i.MX8QM and i.MX8QXP, the power-on handling inv
- CVE-2024-42289Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: During vport delete send async logout explicitly During vport delete, it is observed that during unload we hit a crash because of stale entries in outstanding command array. For all these stale
- CVE-2024-42288Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix for possible memory corruption Init Control Block is dereferenced incorrectly. Correctly dereference ICB
- CVE-2024-42287Aug 17, 2024affected < 1-1.1fixed 1-1.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Complete command early within lock A crash was observed while performing NPIV and FW reset, BUG: kernel NULL pointer dereference, address: 000000000000001c #PF: supervisor read access in kerne
Page 9 of 23