VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_43&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_43&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (192)

  • CVE-2021-47058Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: regmap: set debugfs_name to NULL after it is freed There is a upstream commit cffa4b2122f5("regmap:debugfs: Fix a memory leak when calling regmap_attach_dev") that adds a if condition when create name for debug

  • CVE-2021-47056Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: crypto: qat - ADF_STATUS_PF_RUNNING should be set after adf_dev_init ADF_STATUS_PF_RUNNING is (only) used and checked by adf_vf2pf_shutdown() before calling adf_iov_putmsg()->mutex_lock(vf2pf_lock), however the

  • CVE-2021-47055Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: mtd: require write permissions for locking and badblock ioctls MEMLOCK, MEMUNLOCK and OTPLOCK modify protection bits. Thus require write permission. Depending on the hardware MEMLOCK might even be write-once, e

  • CVE-2021-47020Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: soundwire: stream: fix memory leak in stream config error path When stream config is failed, master runtime will release all slave runtime in the slave_rt_list, but slave runtime is not added to the list at thi

  • CVE-2021-46959Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: spi: Fix use-after-free with devm_spi_alloc_* We can't rely on the contents of the devres list during spi_unregister_controller(), as the list is already torn down at the time we perform devres_find() for devm_

  • CVE-2024-26614Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: tcp: make sure init the accept_queue's spinlocks once When I run syz's reproduction C program locally, it causes the following issue: pvqspinlock: lock 0xffff9d181cd5c660 has corrupted value 0x0! WARNING: CPU:

  • CVE-2024-26610Feb 29, 2024
    affected < 2-150300.7.6.1fixed 2-150300.7.6.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2023-52492Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: dmaengine: fix NULL pointer in channel unregistration function __dma_async_device_channel_register() can fail. In case of failure, chan->local is freed (with free_percpu()), and chan->local is nullified. When d

  • CVE-2023-52477Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: usb: hub: Guard against accesses to uninitialized BOS descriptors Many functions in drivers/usb/core/hub.c and drivers/usb/core/hub.h access fields inside udev->bos without checking if it was allocated and init

  • CVE-2023-52476Feb 29, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: perf/x86/lbr: Filter vsyscall addresses We found that a panic can occur when a vsyscall is made while LBR sampling is active. If the vsyscall is interrupted (NMI) for perf sampling, this call sequence can occur

  • CVE-2021-47051Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: spi: fsl-lpspi: Fix PM reference leak in lpspi_prepare_xfer_hardware() pm_runtime_get_sync will increment pm usage counter even it failed. Forgetting to putting operation will result in reference leak here. Fix

  • CVE-2021-47049Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: Drivers: hv: vmbus: Use after free in __vmbus_open() The "open_info" variable is added to the &vmbus_connection.chn_msg_list, but the error handling frees "open_info" without removing it from the list. This wi

  • CVE-2021-47046Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix off by one in hdmi_14_process_transaction() The hdcp_i2c_offsets[] array did not have an entry for HDCP_MESSAGE_ID_WRITE_CONTENT_STREAM_TYPE so it led to an off by one read overflow. I add

  • CVE-2021-47045Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix null pointer dereference in lpfc_prep_els_iocb() It is possible to call lpfc_issue_els_plogi() passing a did for which no matching ndlp is found. A call is then made to lpfc_prep_els_iocb() with

  • CVE-2021-47044Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: sched/fair: Fix shift-out-of-bounds in load_balance() Syzbot reported a handful of occurrences where an sd->nr_balance_failed can grow to much higher values than one would expect. A successful load_balance() r

  • CVE-2021-47038Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock that could lead to deadlock.

  • CVE-2021-47035Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Remove WO permissions on second-level paging entries When the first level page table is used for IOVA translation, it only supports Read-Only and Read-Write permissions. The Write-Only permission is

  • CVE-2021-47034Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: Fix pte update for kernel memory on radix When adding a PTE a ptesync is needed to order the update of the PTE with subsequent accesses otherwise a spurious fault may be raised. radix__set_pte_at(

  • CVE-2021-47026Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: RDMA/rtrs-clt: destroy sysfs after removing session from active list A session can be removed dynamically by sysfs interface "remove_path" that eventually calls rtrs_clt_remove_path_from_sysfs function. The cu

  • CVE-2021-47017Feb 28, 2024
    affected < 1-150300.7.3.5fixed 1-150300.7.3.5

    In the Linux kernel, the following vulnerability has been resolved: ath10k: Fix a use after free in ath10k_htc_send_bundle In ath10k_htc_send_bundle, the bundle_skb could be freed by dev_kfree_skb_any(bundle_skb). But the bundle_skb is used later by bundle_skb->len. As skb_len

Page 6 of 10