rpm package
suse/kernel-livepatch-SLE15-SP4_Update_14&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_14&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (35)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-35950 | Med | 5.5 | < 14-150400.2.1 | 14-150400.2.1 | May 20, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo | |
| CVE-2024-27398 | Hig | 7.8 | < 14-150400.2.1 | 14-150400.2.1 | May 14, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection | |
| CVE-2022-48651 | Hig | 7.7 | < 11-150400.2.1 | 11-150400.2.1 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit() | |
| CVE-2024-26766 | Med | 5.5 | < 11-150400.2.1 | 11-150400.2.1 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by ` | |
| CVE-2024-26610 | Hig | 7.8 | < 11-150400.2.1 | 11-150400.2.1 | Mar 11, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the | |
| CVE-2024-26622 | Hig | 7.8 | < 10-150400.2.1 | 10-150400.2.1 | Mar 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot | |
| CVE-2023-52502 | Med | 6.3 | < 11-150400.2.1 | 11-150400.2.1 | Mar 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s | |
| CVE-2024-26585 | Med | 4.7 | < 11-150400.2.1 | 11-150400.2.1 | Feb 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling | |
| CVE-2024-1086 | Hig | 7.8 | KEV | < 10-150400.2.1 | 10-150400.2.1 | Jan 31, 2024 | A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau |
| CVE-2024-0775 | Med | 6.7 | < 10-150400.2.1 | 10-150400.2.1 | Jan 22, 2024 | A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free. | |
| CVE-2023-6546 | Hig | 7.0 | < 11-150400.2.1 | 11-150400.2.1 | Dec 21, 2023 | A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci | |
| CVE-2023-6931 | Hig | 7.8 | < 11-150400.2.1 | 11-150400.2.1 | Dec 19, 2023 | A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recomme | |
| CVE-2023-5717 | Hig | 7.8 | < 10-150400.2.1 | 10-150400.2.1 | Oct 25, 2023 | A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i | |
| CVE-2023-4273 | Med | 6.0 | < 3-150400.2.1 | 3-150400.2.1 | Aug 9, 2023 | A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si | |
| CVE-2023-3776 | Hig | 7.8 | < 3-150400.2.1 | 3-150400.2.1 | Jul 21, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b | |
| CVE-2023-3609 | Hig | 7.8 | < 3-150400.2.1 | 3-150400.2.1 | Jul 21, 2023 | A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf | |
| CVE-2023-35001 | Hig | 7.8 | < 2-150400.2.1 | 2-150400.2.1 | Jul 5, 2023 | Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace | |
| CVE-2023-31248 | Hig | 7.8 | < 3-150400.2.1 | 3-150400.2.1 | Jul 5, 2023 | Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace | |
| CVE-2023-3358 | Med | 5.5 | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 28, 2023 | A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system. | |
| CVE-2023-3357 | Med | 5.5 | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 28, 2023 | A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system. |
- affected < 14-150400.2.1fixed 14-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo
- affected < 14-150400.2.1fixed 14-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix use-after-free bugs caused by sco_sock_timeout When the sco connection is established and then, the sco socket is releasing, timeout_work will be scheduled to judge whether the sco disconnection
- affected < 11-150400.2.1fixed 11-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: ipvlan: Fix out-of-bound bugs caused by unset skb->mac_header If an AF_PACKET socket is used to send packets through ipvlan and the default xmit function of the AF_PACKET socket is changed from dev_queue_xmit()
- affected < 11-150400.2.1fixed 11-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `
- affected < 11-150400.2.1fixed 11-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the
- affected < 10-150400.2.1fixed 10-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot
- affected < 11-150400.2.1fixed 11-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s
- affected < 11-150400.2.1fixed 11-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: tls: fix race between tx work scheduling and socket close Similarly to previous commit, the submitting thread (recvmsg/sendmsg) may exit as soon as the async crypto handler calls complete(). Reorder scheduling
- affected < 10-150400.2.1fixed 10-150400.2.1
A use-after-free vulnerability in the Linux kernel's netfilter: nf_tables component can be exploited to achieve local privilege escalation. The nft_verdict_init() function allows positive values as drop error within the hook verdict, and hence the nf_hook_slow() function can cau
- affected < 10-150400.2.1fixed 10-150400.2.1
A use-after-free flaw was found in the __ext4_remount in fs/ext4/super.c in ext4 in the Linux kernel. This flaw allows a local user to cause an information leak problem while freeing the old quota file names before a potential failure, leading to a use-after-free.
- affected < 11-150400.2.1fixed 11-150400.2.1
A race condition was found in the GSM 0710 tty multiplexor in the Linux kernel. This issue occurs when two threads execute the GSMIOC_SETCONF ioctl on the same tty file descriptor with the gsm line discipline enabled, and can lead to a use-after-free problem on a struct gsm_dlci
- affected < 11-150400.2.1fixed 11-150400.2.1
A heap out-of-bounds write vulnerability in the Linux kernel's Performance Events system component can be exploited to achieve local privilege escalation. A perf_event's read_size can overflow, leading to an heap out-of-bounds increment or write in perf_read_group(). We recomme
- affected < 10-150400.2.1fixed 10-150400.2.1
A heap out-of-bounds write vulnerability in the Linux kernel's Linux Kernel Performance Events (perf) component can be exploited to achieve local privilege escalation. If perf_read_group() is called while an event's sibling_list is smaller than its child's sibling_list, it can i
- affected < 3-150400.2.1fixed 3-150400.2.1
A flaw was found in the exFAT driver of the Linux kernel. The vulnerability exists in the implementation of the file name reconstruction function, which is responsible for reading file name entries from a directory index and merging file name parts belonging to one file into a si
- affected < 3-150400.2.1fixed 3-150400.2.1
A use-after-free vulnerability in the Linux kernel's net/sched: cls_fw component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, fw_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf_b
- affected < 3-150400.2.1fixed 3-150400.2.1
A use-after-free vulnerability in the Linux kernel's net/sched: cls_u32 component can be exploited to achieve local privilege escalation. If tcf_change_indev() fails, u32_set_parms() will immediately return an error after incrementing or decrementing the reference counter in tcf
- affected < 2-150400.2.1fixed 2-150400.2.1
Linux Kernel nftables Out-Of-Bounds Read/Write Vulnerability; nft_byteorder poorly handled vm register contents when CAP_NET_ADMIN is in any user or network namespace
- affected < 3-150400.2.1fixed 3-150400.2.1
Linux Kernel nftables Use-After-Free Local Privilege Escalation Vulnerability; `nft_chain_lookup_byid()` failed to check whether a chain was active and CAP_NET_ADMIN is in any user or network namespace
- affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A null pointer dereference was found in the Linux kernel's Integrated Sensor Hub (ISH) driver. This issue could allow a local user to crash the system.
- affected < 1-150400.9.3.1fixed 1-150400.9.3.1
A NULL pointer dereference flaw was found in the Linux kernel AMD Sensor Fusion Hub driver. This flaw allows a local user to crash the system.
Page 1 of 2