VYPR

rpm package

suse/kernel-livepatch-SLE15-SP4_Update_24&distro=SUSE Linux Enterprise Live Patching 15 SP4

pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_24&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4

Vulnerabilities (93)

  • CVE-2024-26766Apr 3, 2024
    affected < 2-150400.9.6.1fixed 2-150400.9.6.1

    In the Linux kernel, the following vulnerability has been resolved: IB/hfi1: Fix sdma.h tx->num_descs off-by-one error Unfortunately the commit `fd8958efe877` introduced another error causing the `descs` array to overflow. This reults in further crashes easily reproducible by `

  • CVE-2023-28746MedMar 14, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    Information exposure through microarchitectural state after transient execution from some register files for some Intel(R) Atom(R) Processors may allow an authenticated user to potentially enable information disclosure via local access.

  • CVE-2021-47083Mar 4, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: pinctrl: mediatek: fix global-out-of-bounds issue When eint virtual eint number is greater than gpio number, it maybe produce 'desc[eint_n]' size globle-out-of-bounds issue.

  • CVE-2024-26622Mar 4, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: tomoyo: fix UAF write bug in tomoyo_write_control() Since tomoyo_write_control() updates head->write_buf when write() of long lines is requested, we need to fetch head->write_buf after head->io_sem is held. Ot

  • CVE-2023-52559Mar 2, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Avoid memory allocation in iommu_suspend() The iommu_suspend() syscore suspend callback is invoked with IRQ disabled. Allocating memory with the GFP_KERNEL flag may re-enable IRQs during the suspend

  • CVE-2023-52531Mar 2, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: Fix a memory corruption issue A few lines above, space is kzalloc()'ed for: sizeof(struct iwl_nvm_data) + sizeof(struct ieee80211_channel) + sizeof(struct ieee80211_rate) 'mvm->nvm_data'

  • CVE-2023-52530Mar 2, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: mac80211: fix potential key use-after-free When ieee80211_key_link() is called by ieee80211_gtk_rekey_add() but returns 0 due to KRACK protection (identical key reinstall), ieee80211_gtk_rekey_add() will

  • CVE-2023-52502Mar 2, 2024
    affected < 2-150400.9.6.1fixed 2-150400.9.6.1

    In the Linux kernel, the following vulnerability has been resolved: net: nfc: fix races in nfc_llcp_sock_get() and nfc_llcp_sock_get_sn() Sili Luo reported a race in nfc_llcp_sock_get(), leading to UAF. Getting a reference on the socket found in a lookup while holding a lock s

  • CVE-2022-48627Mar 2, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: vt: fix memory overlapping when deleting chars in the buffer A memory overlapping copy occurs when deleting a long line. This memory overlapping copy can cause data corruption when scr_memcpyw is optimized to m

  • CVE-2024-26610Feb 29, 2024
    affected < 2-150400.9.6.1fixed 2-150400.9.6.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: fix a memory corruption iwl_fw_ini_trigger_tlv::data is a pointer to a __le32, which means that if we copy to iwl_fw_ini_trigger_tlv::data + offset while offset is in bytes, we'll write past the

  • CVE-2024-26607Feb 29, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/bridge: sii902x: Fix probing race issue A null pointer dereference crash has been observed rarely on TI platforms using sii9022 bridge: [ 53.271356] sii902x_get_edid+0x34/0x70 [sii902x] [ 53.276066]

  • CVE-2023-52484Feb 29, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: iommu/arm-smmu-v3: Fix soft lockup triggered by arm_smmu_mm_invalidate_range When running an SVA case, the following soft lockup is triggered: -------------------------------------------------------------------

  • CVE-2023-52482Feb 29, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: x86/srso: Add SRSO mitigation for Hygon processors Add mitigation for the speculative return stack overflow vulnerability which exists on Hygon processors too.

  • CVE-2023-52478Feb 29, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: HID: logitech-hidpp: Fix kernel crash on receiver USB disconnect hidpp_connect_event() has *four* time-of-check vs time-of-use (TOCTOU) races when it races with itself. hidpp_connect_event() primarily runs fro

  • CVE-2023-52475Feb 29, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: Input: powermate - fix use-after-free in powermate_config_complete syzbot has found a use-after-free bug [1] in the powermate driver. This happens when the device is disconnected, which leads to a memory free f

  • CVE-2021-46934Feb 27, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: i2c: validate user data in compat ioctl Wrong user data may cause warning in i2c_transfer(), ex: zero msgs. Userspace should not be able to trigger warnings, so this patch adds validation checks for user data i

  • CVE-2021-46932Feb 27, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: Input: appletouch - initialize work before device registration Syzbot has reported warning in __flush_work(). This warning is caused by work->func == NULL, which means missing work initialization. This may hap

  • CVE-2021-46924Feb 27, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: NFC: st21nfca: Fix memory leak in device probe and remove 'phy->pending_skb' is alloced when device probe, but forgot to free in the error handling path and remove path, this cause memory leak as follows: unre

  • CVE-2021-46923Feb 27, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: fs/mount_setattr: always cleanup mount_kattr Make sure that finish_mount_kattr() is called after mount_kattr was succesfully built in both the success and failure case to prevent leaking any references we took

  • CVE-2019-25162Feb 26, 2024
    affected < 1-150400.9.3.1fixed 1-150400.9.3.1

    In the Linux kernel, the following vulnerability has been resolved: i2c: Fix a potential use after free Free the adap structure only after we are done using it. This patch just moves the put_device() down a bit to avoid the use after free. [wsa: added comment to the code, adde