VYPR

rpm package

suse/kernel-livepatch-SLE15-SP3_Update_51&distro=SUSE Linux Enterprise Live Patching 15 SP3

pkg:rpm/suse/kernel-livepatch-SLE15-SP3_Update_51&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP3

Vulnerabilities (59)

  • CVE-2024-50264Nov 19, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans During loopback communication, a dangling pointer can be created in vsk->trans, potentially leading to a Use-After-Free condition. T

  • CVE-2024-50205MedNov 8, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: ALSA: firewire-lib: Avoid division by zero in apply_constraint_to_size() The step variable is initialized to zero. It is changed in the loop, but if it's not changed it will remain zero. Add a variable check be

  • CVE-2024-50208Nov 8, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: RDMA/bnxt_re: Fix a bug while setting up Level-2 PBL pages Avoid memory corruption while setting up Level-2 PBL pages for the non MR resources when num_pages > 256K. There will be a single PDE page address (co

  • CVE-2024-50154Nov 7, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: tcp/dccp: Don't use timer_pending() in reqsk_queue_unlink(). Martin KaFai Lau reported use-after-free [0] in reqsk_timer_handler(). """ We are seeing a use-after-free from a bpf prog attached to trace_tc

  • CVE-2024-50127HigNov 5, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: sched: fix use-after-free in taprio_change() In 'taprio_change()', 'admin' pointer may become dangling due to sched switch / removal caused by 'advance_sched()', and critical section protected by 'q->curre

  • CVE-2024-50125Nov 5, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: Bluetooth: SCO: Fix UAF on sco_sock_timeout conn->sk maybe have been unlinked/freed while waiting for sco_conn_lock so this checks if the conn->sk is still valid by checking if it part of sco_sk_list.

  • CVE-2024-50115Nov 5, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: KVM: nSVM: Ignore nCR3[4:0] when loading PDPTEs from memory Ignore nCR3[4:0] when loading PDPTEs from memory for nested SVM, as bits 4:0 of CR3 are ignored when PAE paging is used, and thus VMRUN doesn't enforc

  • CVE-2022-49032Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4404: Fix oob read in afe4404_[read|write]_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4404_read_raw+0x2ce/0x380 Read of size 4 at addr ffffffffc00e46

  • CVE-2022-49031Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: iio: health: afe4403: Fix oob read in afe4403_read_raw KASAN report out-of-bounds read as follows: BUG: KASAN: global-out-of-bounds in afe4403_read_raw+0x42e/0x4c0 Read of size 4 at addr ffffffffc02ac638 by ta

  • CVE-2022-49029Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (ibmpex) Fix possible UAF when ibmpex_register_bmc() fails Smatch report warning as follows: drivers/hwmon/ibmpex.c:509 ibmpex_register_bmc() warn: '&data->list' not removed from list If ibmpex_find_

  • CVE-2022-49022Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac8021: fix possible oob access in ieee80211_get_rate_duration Fix possible out-of-bound access in ieee80211_get_rate_duration routine as reported by the following UBSAN report: UBSAN: array-index-out-o

  • CVE-2022-49021Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: phy: fix null-ptr-deref while probe() failed I got a null-ptr-deref report as following when doing fault injection test: BUG: kernel NULL pointer dereference, address: 0000000000000058 Oops: 0000 [#1] PRE

  • CVE-2022-49019Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: ethernet: nixge: fix NULL dereference In function nixge_hw_dma_bd_release() dereference of NULL pointer priv->rx_bd_v is possible for the case of its allocation failure in nixge_hw_dma_bd_init(). Move for

  • CVE-2022-49011Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) fix pci device refcount leak in nv1a_ram_new() As comment of pci_get_domain_bus_and_slot() says, it returns a pci device with refcount increment, when finish using it, the caller must decremen

  • CVE-2022-49010Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: hwmon: (coretemp) Check for null before removing sysfs attrs If coretemp_add_core() gets an error then pdata->core_data[indx] is already NULL and has been kfreed. Don't pass that to sysfs_remove_group() as that

  • CVE-2022-49006Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: tracing: Free buffers when a used dynamic event is removed After 65536 dynamic events have been added and removed, the "type" field of the event then uses the first type number that is available (not currently

  • CVE-2022-48985Oct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: mana: Fix race on per-CQ variable napi work_done After calling napi_complete_done(), the NAPIF_STATE_SCHED bit may be cleared, and another CPU can start napi thread and access per-CQ variable, cq->work_don

  • CVE-2024-49925MedOct 21, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: fbdev: efifb: Register sysfs groups through driver core The driver core can register and cleanup sysfs groups already. Make use of that functionality to simplify the error handling and cleanup. Also avoid a UA

  • CVE-2023-52524Mar 2, 2024
    affected < 1-150300.7.3.1fixed 1-150300.7.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: llcp: Add lock when modifying device list The device list needs its associated lock held when modifying it, or the list could become corrupted, as syzbot discovered.

Page 3 of 3