VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_42&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_42&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (108)

  • CVE-2024-26622Mar 4, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot

  • CVE-2023-52574Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: team: fix null-ptr-deref when team device type is changed Get a null-ptr-deref bug as follows with reproducer [1]. BUG: kernel NULL pointer dereference, address: 0000000000000228 ... RIP: 0010:vlan_dev_hard_he

  • CVE-2023-52569Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: btrfs: remove BUG() after failure to insert delayed dir index item Instead of calling BUG() when we fail to insert a delayed dir index item into the delayed node's tree, we can just release all the resources we

  • CVE-2023-52532Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix TX CQE error handling For an unknown TX CQE error type (probably from a newer hardware), still free the SKB, update the queue tail, etc., otherwise the accounting will be wrong. Also, TX errors

  • CVE-2023-52531Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data'

  • CVE-2023-52530Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will

  • CVE-2023-52502Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s

  • CVE-2022-48627Mar 2, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to m

  • CVE-2021-47078Mar 1, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Clear all QP fields if creation failed rxe_qp_do_cleanup() relies on valid pointer values in QP for the properly created ones, but in case rxe_qp_from_init() failed it was filled with garbage and caus

  • CVE-2021-47076Mar 1, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic operation with an explicitl

  • CVE-2021-47069Mar 1, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: ipc/mqueue, msg, sem: avoid relying on a stack reference past its expiry do_mq_timedreceive calls wq_sleep with a stack local address. The sender (do_mq_timedsend) uses this address to later call pipelined_sen

  • CVE-2021-47061Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: KVM: Destroy I/O bus devices on unregister failure _after_ sync'ing SRCU If allocating a new instance of an I/O bus fails when unregistering a device, wait to destroy the device until after all readers are guar

  • CVE-2021-47060Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: KVM: Stop looking for coalesced MMIO zones if the bus is destroyed Abort the walk of coalesced MMIO zones if kvm_io_bus_unregister_dev() fails to allocate memory for the new instance of the bus. If it can't in

  • CVE-2021-47054Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: bus: qcom: Put child node before return Put child node before return to fix potential reference count leak. Generally, the reference count of child is incremented and decremented automatically in the macro for_

  • CVE-2024-26610Feb 29, 2024
    affected < 3-150300.7.6.1fixed 3-150300.7.6.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2024-26607Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066]

  • CVE-2023-52482Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.

  • CVE-2023-52478Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs fro

  • CVE-2023-52475Feb 29, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free f

  • CVE-2021-47013Feb 28, 2024
    affected < 1-150300.7.3.2fixed 1-150300.7.3.2

    In the Linux kernel, the following vulnerability has been resolved: net:emac/emac-mac: Fix a use after free in emac_mac_tx_buf_send In emac_mac_tx_buf_send, it calls emac_tx_fill_tpd(..,skb,..). If some error happens in emac_tx_fill_tpd(), the skb will be freed via dev_kfree_sk

Page 3 of 6