VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_44&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_44&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (107)

  • CVE-2021-47206Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: usb: host: ohci-tmio: check return value after calling platform_get_resource() It will cause null-ptr-deref if platform_get_resource() returns NULL, we need check the return value.

  • CVE-2021-47203Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix list_add() corruption in lpfc_drain_txq() When parsing the txq list in lpfc_drain_txq(), the driver attempts to pass the requests to the adapter. If such an attempt fails, a local "fail_msg" str

  • CVE-2021-47202Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: thermal: Fix NULL pointer dereferences in of_thermal_ functions of_parse_thermal_zones() parses the thermal-zones node and registers a thermal_zone device for each subnode. However, if a thermal zone is consumi

  • CVE-2021-47201Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: iavf: free q_vectors before queues in iavf_disable_vf iavf_free_queues() clears adapter->num_active_queues, which iavf_free_q_vectors() relies on, so swap the order of these two function calls in iavf_disable_v

  • CVE-2021-47198Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: scsi: lpfc: Fix use-after-free in lpfc_unreg_rpi() routine An error is detected with the following report when unloading the driver: "KASAN: use-after-free in lpfc_unreg_rpi+0x1b1b" The NLP_REG_LOGIN_SEND nl

  • CVE-2021-47194Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: cfg80211: call cfg80211_stop_ap when switch from P2P_GO type If the userspace tools switch from NL80211_IFTYPE_P2P_GO to NL80211_IFTYPE_ADHOC via send_msg(NL80211_CMD_SET_INTERFACE), it does not call the cleanu

  • CVE-2021-47185Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: tty: tty_buffer: Fix the softlockup issue in flush_to_ldisc When running ltp testcase(ltp/testcases/kernel/pty/pty04.c) with arm64, there is a soft lockup, which look like this one: Workqueue: events_unbound

  • CVE-2021-47184Apr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: i40e: Fix NULL ptr dereference on VSI filter sync Remove the reason of null pointer dereference in sync VSI filters. Added new I40E_VSI_RELEASING flag to signalize deleting and releasing of VSI resources to syn

  • CVE-2024-26816MedApr 10, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: x86, relocs: Ignore relocations in .notes section When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the "startup_xen" entry point. This information is us

  • CVE-2024-26744Apr 3, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/srpt: Support specifying the srpt_service_guid parameter Make loading ib_srpt with this parameter set work. The current behavior is that setting that parameter while loading the ib_srpt kernel module trigg

  • CVE-2024-26739Apr 3, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mirred: don't override retval if we already lost the skb If we're redirecting the skb, and haven't called tcf_mirred_forward(), yet, we need to tell the core to drop the skb by setting the retcod

  • CVE-2024-26733Apr 3, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: arp: Prevent overflow in arp_req_get(). syzkaller reported an overflown write in arp_req_get(). [0] When ioctl(SIOCGARP) is issued, arp_req_get() looks up an neighbour entry and copies neigh->ha to struct arpr

  • CVE-2024-26689Apr 3, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: ceph: prevent use-after-free in encode_cap_msg() In fs/ceph/caps.c, in encode_cap_msg(), "use after free" error was caught by KASAN at this line - 'ceph_buffer_get(arg->xattr_buf);'. This implies before the ref

  • CVE-2024-26688Apr 3, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: fs,hugetlb: fix NULL pointer dereference in hugetlbs_fill_super When configuring a hugetlb filesystem via the fsconfig() syscall, there is a possible NULL dereference in hugetlbfs_fill_super() caused by assigni

  • CVE-2021-47131Mar 15, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix use-after-free after the TLS device goes down and up When a netdev with active TLS offload goes down, tls_device_down is called to stop the offload and tear down the TLS context. However, the socke

  • CVE-2021-47113Mar 15, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: abort in rename_exchange if we fail to insert the second ref Error injection stress uncovered a problem where we'd leave a dangling inode ref if we failed during a rename_exchange. This happens because

  • CVE-2021-47074Mar 1, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: nvme-loop: fix memory leak in nvme_loop_create_ctrl() When creating loop ctrl in nvme_loop_create_ctrl(), if nvme_init_ctrl() fails, the loop ctrl should be freed before jumping to the "out" label.

  • CVE-2024-26610Feb 29, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2021-47041Feb 28, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: nvmet-tcp: fix incorrect locking in state_change sk callback We are not changing anything in the TCP connection state so we should not take a write_lock but rather a read lock. This caused a deadlock when runn

  • CVE-2021-46955Feb 27, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets: BUG: KASAN

Page 5 of 6