rpm package
suse/kernel-livepatch-SLE15-SP2_Update_50&distro=SUSE Linux Enterprise Live Patching 15 SP2
pkg:rpm/suse/kernel-livepatch-SLE15-SP2_Update_50&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP2
Vulnerabilities (42)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-43861 | — | < 4-150200.5.6.1 | 4-150200.5.6.1 | Aug 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive. | ||
| CVE-2024-41059 | — | < 2-150200.5.6.1 | 2-150200.5.6.1 | Jul 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x | ||
| CVE-2021-4439 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta | ||
| CVE-2022-48771 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use | ||
| CVE-2022-48760 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR | ||
| CVE-2022-48711 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. T | ||
| CVE-2021-47600 | — | < 3-150200.5.6.1 | 3-150200.5.6.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). | ||
| CVE-2021-47598 | — | < 3-150200.5.6.1 | 3-150200.5.6.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D | ||
| CVE-2021-47583 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was | ||
| CVE-2024-38560 | Hig | 7.1 | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that | |
| CVE-2024-38559 | Med | 4.4 | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t | |
| CVE-2024-38545 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc | ||
| CVE-2024-38541 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not | ||
| CVE-2024-36964 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | Jun 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s | ||
| CVE-2024-36940 | Hig | 7.8 | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei | |
| CVE-2024-36904 | Hig | 7.8 | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat | |
| CVE-2024-36894 | Med | 5.6 | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 30, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario | |
| CVE-2023-52881 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The | ||
| CVE-2021-47571 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that. | ||
| CVE-2023-52752 | — | < 1-150200.5.3.1 | 1-150200.5.3.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @ |
- CVE-2024-43861Aug 20, 2024affected < 4-150200.5.6.1fixed 4-150200.5.6.1
In the Linux kernel, the following vulnerability has been resolved: net: usb: qmi_wwan: fix memory leak for not ip packets Free the unused skb when not ip packets arrive.
- CVE-2024-41059Jul 29, 2024affected < 2-150200.5.6.1fixed 2-150200.5.6.1
In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix uninit-value in copy_name [syzbot reported] BUG: KMSAN: uninit-value in sized_strscpy+0xc4/0x160 sized_strscpy+0xc4/0x160 copy_name+0x2af/0x320 fs/hfsplus/xattr.c:411 hfsplus_listxattr+0x11e9/0x
- CVE-2021-4439Jun 20, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: isdn: cpai: check ctr->cnr to avoid array index out of bound The cmtp_add_connection() would add a cmtp session to a controller and run a kernel thread to process cmtp. __module_get(THIS_MODULE); session->ta
- CVE-2022-48771Jun 20, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix stale file descriptors on failed usercopy A failing usercopy of the fence_rep object will lead to a stale entry in the file descriptor table as put_unused_fd() won't release it. This enables use
- CVE-2022-48760Jun 20, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix hang in usb_kill_urb by adding memory barriers The syzbot fuzzer has identified a bug in which processes hang waiting for usb_kill_urb() to return. It turns out the issue is not unlinking the UR
- CVE-2022-48711Jun 20, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: tipc: improve size validations for received domain records The function tipc_mon_rcv() allows a node to receive and process domain_record structs from peer nodes to track their views of the network topology. T
- CVE-2021-47600Jun 19, 2024affected < 3-150200.5.6.1fixed 3-150200.5.6.1
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().
- CVE-2021-47598Jun 19, 2024affected < 3-150200.5.6.1fixed 3-150200.5.6.1
In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D
- CVE-2021-47583Jun 19, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was
- affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: bfa: Ensure the copied buf is NUL terminated Currently, we allocate a nbytes-sized kernel buffer and copy nbytes from userspace to that buffer. Later, we use sscanf on this buffer but we don't ensure that
- affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t
- CVE-2024-38545Jun 19, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: RDMA/hns: Fix UAF for cq async event The refcount of CQ is not protected by locks. When CQ asynchronous events and CQ destruction are concurrent, CQ may have been released, which will cause UAF. Use the xa_loc
- CVE-2024-38541Jun 19, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: of: module: add buffer overflow check in of_modalias() In of_modalias(), if the buffer happens to be too small even for the 1st snprintf() call, the len parameter will become negative and str parameter (if not
- CVE-2024-36964Jun 3, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: fs/9p: only translate RWX permissions for plain 9P2000 Garbage in plain 9P2000's perm bits is allowed through, which causes it to be able to set (among others) the suid bit. This was presumably not the intent s
- affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: pinctrl: core: delete incorrect free in pinctrl_enable() The "pctldev" struct is allocated in devm_pinctrl_register_and_init(). It's a devm_ managed pointer that is freed by devm_pinctrl_dev_release(), so freei
- affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: tcp: Use refcount_inc_not_zero() in tcp_twsk_unique(). Anderson Nascimento reported a use-after-free splat in tcp_twsk_unique() with nice analysis. Since commit ec94c2696f0b ("tcp/dccp: avoid one atomic operat
- affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: usb: gadget: f_fs: Fix race between aio_cancel() and AIO request complete FFS based applications can utilize the aio_cancel() callback to dequeue pending USB requests submitted to the UDC. There is a scenario
- CVE-2023-52881May 29, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The
- CVE-2021-47571May 24, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: staging: rtl8192e: Fix use after free in _rtl92e_pci_disconnect() The free_rtllib() function frees the "dev" pointer so there is use after free on the next line. Re-arrange things to avoid that.
- CVE-2023-52752May 21, 2024affected < 1-150200.5.3.1fixed 1-150200.5.3.1
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @
Page 1 of 3