rpm package
suse/kernel-livepatch-MICRO-6-0_Update_5&distro=SUSE Linux Micro 6.1
pkg:rpm/suse/kernel-livepatch-MICRO-6-0_Update_5&distro=SUSE%20Linux%20Micro%206.1
Vulnerabilities (424)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-56574 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr- | ||
| CVE-2024-56573 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation tha | ||
| CVE-2024-56572 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate | ||
| CVE-2024-56570 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such | ||
| CVE-2024-56569 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a nu | ||
| CVE-2024-56568 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after | ||
| CVE-2024-56567 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info' | ||
| CVE-2024-56566 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and the | ||
| CVE-2024-56562 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr | ||
| CVE-2024-56558 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to | ||
| CVE-2024-56551 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug | ||
| CVE-2024-53166 | Hig | 7.8 | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the loc | |
| CVE-2024-56549 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime | ||
| CVE-2024-56548 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like | ||
| CVE-2024-56546 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the e | ||
| CVE-2024-56543 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core hal | ||
| CVE-2024-56539 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following wa | ||
| CVE-2024-56538 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace access | ||
| CVE-2024-56536 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis to cause a potential NULL dereference, fix this! | ||
| CVE-2024-56533 | — | < 1-1.2 | 1-1.2 | Dec 27, 2024 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but thi |
- CVE-2024-56574Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: media: ts2020: fix null-ptr-deref in ts2020_probe() KASAN reported a null-ptr-deref issue when executing the following command: # echo ts2020 0x20 > /sys/bus/i2c/devices/i2c-0/new_device KASAN: null-ptr-
- CVE-2024-56573Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: efi/libstub: Free correct pointer on failure cmdline_ptr is an out parameter, which is not allocated by the function itself, and likely points into the caller's stack. cmdline refers to the pool allocation tha
- CVE-2024-56572Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: media: platform: allegro-dvt: Fix possible memory leak in allocate_buffers_internal() The buffer in the loop should be released under the exception path, otherwise there may be a memory leak here. To mitigate
- CVE-2024-56570Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: ovl: Filter invalid inodes with missing lookup function Add a check to the ovl_dentry_weird() function to prevent the processing of directory inodes that lack the lookup function. This is important because such
- CVE-2024-56569Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: ftrace: Fix regression with module command in stack_trace_filter When executing the following command: # echo "write*:mod:ext3" > /sys/kernel/tracing/stack_trace_filter The current mod command causes a nu
- CVE-2024-56568Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu: Defer probe of clients after smmu device bound Null pointer dereference occurs due to a race between smmu driver probe and client driver probe, when of_dma_configure() for client is called after
- CVE-2024-56567Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: ad7780: fix division by zero in ad7780_write_raw() In the ad7780_write_raw() , val2 can be zero, which might lead to a division by zero error in DIV_ROUND_CLOSEST(). The ad7780_write_raw() is based on iio_info'
- CVE-2024-56566Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: mm/slub: Avoid list corruption when removing a slab from the full list Boot with slub_debug=UFPZ. If allocated object failed in alloc_consistency_checks, all objects of the slab will be marked as used, and the
- CVE-2024-56562Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: i3c: master: Fix miss free init_dyn_addr at i3c_master_put_i3c_addrs() if (dev->boardinfo && dev->boardinfo->init_dyn_addr) ^^^ here check "init_dyn_addr" i3c_bus_set_addr
- CVE-2024-56558Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: nfsd: make sure exp active before svc_export_show The function `e_show` was called with protection from RCU. This only ensures that `exp` will not be freed. Therefore, the reference count for `exp` can drop to
- CVE-2024-56551Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix usage slab after free [ +0.000021] BUG: KASAN: slab-use-after-free in drm_sched_entity_flush+0x6cb/0x7a0 [gpu_sched] [ +0.000027] Read of size 8 at addr ffff8881b8605f88 by task amd_pci_unplug
- affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: block, bfq: fix bfqq uaf in bfq_limit_depth() Set new allocated bfqq to bic or remove freed bfqq from bic are both protected by bfqd->lock, however bfq_limit_depth() is deferencing bfqq from bic without the loc
- CVE-2024-56549Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: cachefiles: Fix NULL pointer dereference in object->file At present, the object->file has the NULL pointer dereference problem in ondemand-mode. The root cause is that the allocated fd and object->file lifetime
- CVE-2024-56548Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: hfsplus: don't query the device logical block size multiple times Devices block sizes may change. One of these cases is a loop device by using ioctl LOOP_SET_BLOCK_SIZE. While this may cause other issues like
- CVE-2024-56546Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: drivers: soc: xilinx: add the missing kfree in xlnx_add_cb_for_suspend() If we fail to allocate memory for cb_data by kmalloc, the memory allocation for eve_data is never freed, add the missing kfree() in the e
- CVE-2024-56543Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Skip Rx TID cleanup for self peer During peer create, dp setup for the peer is done where Rx TID is updated for all the TIDs. Peer object for self peer will not go through dp setup. When core hal
- CVE-2024-56539Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: wifi: mwifiex: Fix memcpy() field-spanning write warning in mwifiex_config_scan() Replace one-element array with a flexible-array member in `struct mwifiex_ie_types_wildcard_ssid_params` to fix the following wa
- CVE-2024-56538Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: drm: zynqmp_kms: Unplug DRM device before removal Prevent userspace accesses to the DRM device from causing use-after-frees by unplugging the device before we remove it. This causes any further userspace access
- CVE-2024-56536Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: wifi: cw1200: Fix potential NULL dereference A recent refactoring was identified by static analysis to cause a potential NULL dereference, fix this!
- CVE-2024-56533Dec 27, 2024affected < 1-1.2fixed 1-1.2
In the Linux kernel, the following vulnerability has been resolved: ALSA: usx2y: Use snd_card_free_when_closed() at disconnection The USB disconnect callback is supposed to be short and not too-long waiting. OTOH, the current code uses snd_card_free() at disconnection, but thi
Page 15 of 22