VYPR

rpm package

suse/kernel-livepatch-SLE15-SP2_Update_45&distro=SUSE Linux Enterprise Live Patching 15 SP2

pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_45&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2

Vulnerabilities (29)

  • CVE-2024-41059HigJul 29, 2024
    affected < 10-150200.2.1fixed 10-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x

  • CVE-2023-52340HigJul 5, 2024
    affected < 4-150200.2.1fixed 4-150200.2.1

    The IPv6 implementation in the Linux kernel before 6.3 has a net/ipv6/route.c max_size threshold that can be consumed easily, e.g., leading to a denial of service (network is unreachable errors) when IPv6 packets are sent in a loop via a raw socket.

  • CVE-2021-47600HigJun 19, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().

  • CVE-2021-47598HigJun 19, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D

  • CVE-2024-36964MedJun 3, 2024
    affected < 10-150200.2.1fixed 10-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s

  • CVE-2023-52752HigMay 21, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @

  • CVE-2021-47402HigMay 21, 2024
    affected < 9-150200.2.1fixed 9-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: flower: protect fl_walk() with rcu Patch that refactored fl_walk() to use idr_for_each_entry_continue_ul() also removed rcu protection of individual filters which causes following use-after-free whe

  • CVE-2021-47378CriMay 21, 2024
    affected < 9-150200.2.1fixed 9-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-rdma: destroy cm id before destroy qp to avoid use after free We should always destroy cm_id before destroy qp to avoid to get cma event after qp was destroyed, which may lead to use after free. In RDMA co

  • CVE-2021-47291HigMay 21, 2024
    affected < 10-150200.2.1fixed 10-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: ipv6: fix another slab-out-of-bounds in fib6_nh_flush_exceptions While running the self-tests on a KASAN enabled kernel, I observed a slab-out-of-bounds splat very similar to the one reported in commit 821bbf79

  • CVE-2024-35864HigMay 19, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_valid_lease_break() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

  • CVE-2024-35862HigMay 19, 2024
    affected < 11-150200.2.1fixed 11-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in smb2_is_network_name_deleted() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

  • CVE-2024-35861HigMay 19, 2024
    affected < 10-150200.2.1fixed 10-150200.2.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix potential UAF in cifs_signal_cifsd_for_reconnect() Skip sessions that are being teared down (status == SES_EXITING) to avoid UAF.

  • CVE-2023-6536MedFeb 7, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6535MedFeb 7, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver, causing kernel panic and a denial

  • CVE-2023-6356MedFeb 7, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A flaw was found in the Linux kernel's NVMe driver. This issue may allow an unauthenticated malicious actor to send a set of crafted TCP packages when using NVMe over TCP, leading the NVMe driver to a NULL pointer dereference in the NVMe driver and causing kernel panic and a deni

  • CVE-2024-1086HigKEVJan 31, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau

  • CVE-2023-46838HigJan 29, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    Transmit requests in Xen's virtual network protocol can consist of multiple parts. While not really useful, except for the initial part any of them may be of zero length, i.e. carry no data at all. Besides a certain initial portion of the to be transferred data, these parts are

  • CVE-2023-51043HigJan 23, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    In the Linux kernel before 6.4.5, drivers/gpu/drm/drm_atomic.c has a use-after-free during a race condition between a nonblocking atomic commit and a driver unload.

  • CVE-2024-0775MedJan 22, 2024
    affected < 1-150200.5.3.1fixed 1-150200.5.3.1

    A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.

  • CVE-2023-6531HigJan 21, 2024
    affected < 3-150200.2.3fixed 3-150200.2.3

    A use-after-free flaw was found in the Linux Kernel due to a race problem in the unix garbage collector's deletion of SKB races with unix_stream_read_generic() on the socket that the SKB is queued on.

Page 1 of 2