rpm package
suse/kernel-livepatch-SLE15-SP2_Update_47&distro=SUSE Linux Enterprise Live Patching 15 SP2
pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_47&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
Vulnerabilities (135)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47153 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunate | ||
| CVE-2021-47142 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG | ||
| CVE-2021-47141 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL | ||
| CVE-2021-47139 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and | ||
| CVE-2021-47138 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these i | ||
| CVE-2024-26642 | Med | 5.5 | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. | |
| CVE-2021-47120 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad but returned success instead of -ENODEV w | ||
| CVE-2021-47119 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and sub | ||
| CVE-2021-47118 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens | ||
| CVE-2021-47117 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117 | ||
| CVE-2021-47114 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with | ||
| CVE-2021-47112 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all | ||
| CVE-2021-47110 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corrup | ||
| CVE-2021-47109 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid c | ||
| CVE-2023-28746 | Med | 6.5 | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 14, 2024 | Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2023-52607 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the p | ||
| CVE-2023-52591 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if | ||
| CVE-2023-52590 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its p | ||
| CVE-2023-52583 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used | ||
| CVE-2021-47082 | — | < 1-150200.5.3.3 | 1-150200.5.3.3 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_net |
- CVE-2021-47153Mar 25, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: i2c: i801: Don't generate an interrupt on bus reset Now that the i2c-i801 driver supports interrupts, setting the KILL bit in a attempt to recover from a timed out transaction triggers an interrupt. Unfortunate
- CVE-2021-47142Mar 25, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG
- CVE-2021-47141Mar 25, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL
- CVE-2021-47139Mar 25, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and
- CVE-2021-47138Mar 25, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these i
- affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
- CVE-2021-47120Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad but returned success instead of -ENODEV w
- CVE-2021-47119Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and sub
- CVE-2021-47118Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens
- CVE-2021-47117Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117
- CVE-2021-47114Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with
- CVE-2021-47112Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all
- CVE-2021-47110Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corrup
- CVE-2021-47109Mar 15, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid c
- affected < 1-150200.5.3.3fixed 1-150200.5.3.3
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-52607Mar 6, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the p
- CVE-2023-52591Mar 6, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if
- CVE-2023-52590Mar 6, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its p
- CVE-2023-52583Mar 6, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: ceph: fix deadlock or deadcode of misusing dget() The lock order is incorrect between denty and its parent, we should always make sure that the parent get the lock first. But since this deadcode is never used
- CVE-2021-47082Mar 4, 2024affected < 1-150200.5.3.3fixed 1-150200.5.3.3
In the Linux kernel, the following vulnerability has been resolved: tun: avoid double free in tun_free_netdev Avoid double free in tun_free_netdev() by moving the dev->tstats and tun->security allocs to a new ndo_init routine (tun_net_init()) that will be called by register_net
Page 3 of 7