rpm package
suse/kernel-livepatch-SLE15-SP3_Update_43&distro=SUSE Linux Enterprise Live Patching 15 SP3
pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_43&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3
Vulnerabilities (192)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47142 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG | ||
| CVE-2021-47141 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL | ||
| CVE-2021-47139 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and | ||
| CVE-2021-47138 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these i | ||
| CVE-2021-47137 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory | ||
| CVE-2021-47136 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 25, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT origi | ||
| CVE-2024-26642 | Med | 5.5 | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work. | |
| CVE-2021-47130 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a cras | ||
| CVE-2021-47120 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad but returned success instead of -ENODEV w | ||
| CVE-2021-47119 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and sub | ||
| CVE-2021-47118 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens | ||
| CVE-2021-47117 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117 | ||
| CVE-2021-47114 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with | ||
| CVE-2021-47112 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all | ||
| CVE-2021-47110 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corrup | ||
| CVE-2021-47109 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 15, 2024 | In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid c | ||
| CVE-2023-28746 | Med | 6.5 | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 14, 2024 | Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access. | |
| CVE-2023-52607 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the p | ||
| CVE-2023-52591 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if | ||
| CVE-2023-52590 | — | < 1-150300.7.3.5 | 1-150300.7.3.5 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its p |
- CVE-2021-47142Mar 25, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: Fix a use-after-free looks like we forget to set ttm->sg to NULL. Hit panic below [ 1235.844104] general protection fault, probably for non-canonical address 0x6b6b6b6b6b6b7b4b: 0000 [#1] SMP DEBUG
- CVE-2021-47141Mar 25, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: gve: Add NULL pointer checks when freeing irqs. When freeing notification blocks, we index priv->msix_vectors. If we failed to allocate priv->msix_vectors (see abort_with_msix_vectors) this could lead to a NULL
- CVE-2021-47139Mar 25, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: net: hns3: put off calling register_netdev() until client initialize complete Currently, the netdevice is registered before client initializing complete. So there is a timewindow between netdevice available and
- CVE-2021-47138Mar 25, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: cxgb4: avoid accessing registers when clearing filters Hardware register having the server TID base can contain invalid values when adapter is in bad state (for example, due to AER fatal error). Reading these i
- CVE-2021-47137Mar 25, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: net: lantiq: fix memory corruption in RX ring In a situation where memory allocation or dma mapping fails, an invalid address is programmed into the descriptor. This can lead to memory corruption. If the memory
- CVE-2021-47136Mar 25, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: net: zero-initialize tc skb extension on allocation Function skb_ext_add() doesn't initialize created skb extension with any value and leaves it up to the user. However, since extension of type TC_SKB_EXT origi
- affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow anonymous set with timeout flag Anonymous sets are never used with timeout from userspace, reject this. Exception to this rule is NFT_SET_EVAL to ensure legacy meters still work.
- CVE-2021-47130Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: nvmet: fix freeing unallocated p2pmem In case p2p device was found but the p2p pool is empty, the nvme target is still trying to free the sgl from the p2p pool instead of the regular sgl pool and causing a cras
- CVE-2021-47120Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: HID: magicmouse: fix NULL-deref on disconnect Commit 9d7b18668956 ("HID: magicmouse: add support for Apple Magic Trackpad 2") added a sanity check for an Apple trackpad but returned success instead of -ENODEV w
- CVE-2021-47119Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: ext4: fix memory leak in ext4_fill_super Buffer head references must be released before calling kill_bdev(); otherwise the buffer head (and its page referenced by b_data) will not be freed by kill_bdev, and sub
- CVE-2021-47118Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: pid: take a reference when initializing `cad_pid` During boot, kernel_init_freeable() initializes `cad_pid` to the init task's struct pid. Later on, we may change `cad_pid` via a sysctl, and when this happens
- CVE-2021-47117Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: ext4: fix bug on in ext4_es_cache_extent as ext4_split_extent_at failed We got follow bug_on when run fsstress with injecting IO fault: [130747.323114] kernel BUG at fs/ext4/extents_status.c:762! [130747.323117
- CVE-2021-47114Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix data corruption by fallocate When fallocate punches holes out of inode size, if original isize is in the middle of last cluster, then the part from isize to the end of the cluster will be zeroed with
- CVE-2021-47112Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Teardown PV features on boot CPU as well Various PV features (Async PF, PV EOI, steal time) work through memory shared with hypervisor and when we restore from hibernation we must properly teardown all
- CVE-2021-47110Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: x86/kvm: Disable kvmclock on all CPUs on shutdown Currenly, we disable kvmclock from machine_shutdown() hook and this only happens for boot CPU. We need to disable it for all CPUs to guard against memory corrup
- CVE-2021-47109Mar 15, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: neighbour: allow NUD_NOARP entries to be forced GCed IFF_POINTOPOINT interfaces use NUD_NOARP entries for IPv6. It's possible to fill up the neighbour table with enough entries that it will overflow for valid c
- affected < 1-150300.7.3.5fixed 1-150300.7.3.5
Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.
- CVE-2023-52607Mar 6, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: powerpc/mm: Fix null-pointer dereference in pgtable_cache_add kasprintf() returns a pointer to dynamically allocated memory which can be NULL upon failure. Ensure the allocation was successful by checking the p
- CVE-2023-52591Mar 6, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if
- CVE-2023-52590Mar 6, 2024affected < 1-150300.7.3.5fixed 1-150300.7.3.5
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its p
Page 4 of 10