rpm package
suse/kernel-livepatch-SLE15-SP4_Update_29&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_29&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (225)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-47607 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val] | ||
| CVE-2021-47603 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the usersp | ||
| CVE-2021-47602 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot repor | ||
| CVE-2021-47601 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference. | ||
| CVE-2021-47600 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec(). | ||
| CVE-2021-47598 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D | ||
| CVE-2021-47597 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of i | ||
| CVE-2021-47596 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins | ||
| CVE-2021-47592 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress | ||
| CVE-2021-47589 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore | ||
| CVE-2021-47587 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a g | ||
| CVE-2021-47586 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array mem | ||
| CVE-2021-47585 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not | ||
| CVE-2021-47584 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have | ||
| CVE-2021-47583 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was | ||
| CVE-2021-47582 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout valu | ||
| CVE-2021-47580 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va | ||
| CVE-2021-47578 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, k | ||
| CVE-2021-47576 | — | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40 | ||
| CVE-2024-38559 | Med | 4.4 | < 1-150400.9.3.1 | 1-150400.9.3.1 | Jun 19, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t |
- CVE-2021-47607Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix kernel address leakage in atomic cmpxchg's r0 aux reg The implementation of BPF_CMPXCHG on a high level has the following parameters: .-[old-val] .-[new-val]
- CVE-2021-47603Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: audit: improve robustness of the audit queue handling If the audit daemon were ever to get stuck in a stopped state the kernel's kauditd_thread() could get blocked attempting to send audit records to the usersp
- CVE-2021-47602Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: mac80211: track only QoS data frames for admission control For admission control, obviously all of that only works for QoS data frames, otherwise we cannot even access the QoS field in the header. Syzbot repor
- CVE-2021-47601Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: tee: amdtee: fix an IS_ERR() vs NULL bug The __get_free_pages() function does not return error pointers it returns NULL so fix this condition to avoid a NULL dereference.
- CVE-2021-47600Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: dm btree remove: fix use after free in rebalance_children() Move dm_tm_unlock() after dm_tm_dec().
- CVE-2021-47598Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: sch_cake: do not call cake_destroy() from cake_init() qdiscs are not supposed to call their own destroy() method from init(), because core stack already does that. syzbot was able to trigger use after free: D
- CVE-2021-47597Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: inet_diag: fix kernel-infoleak for UDP sockets KMSAN reported a kernel-infoleak [1], that can exploited by unpriv users. After analysis it turned out UDP was not initializing r->idiag_expires. Other users of i
- CVE-2021-47596Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg Currently, the hns3_remove function firstly uninstall client instance, and then uninstall acceletion engine device. The netdevice is freed in client ins
- CVE-2021-47592Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: fix tc flower deletion for VLAN priority Rx steering To replicate the issue:- 1) Add 1 flower filter for VLAN Priority based frame steering:- $ IFDEVNAME=eth0 $ tc qdisc add dev $IFDEVNAME ingress
- CVE-2021-47589Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: igbvf: fix double free in `igbvf_probe` In `igbvf_probe`, if register_netdev() fails, the program will go to label err_hw_init, and then to label err_ioremap. In free_netdev() which is just below label err_iore
- CVE-2021-47587Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: net: systemport: Add global locking for descriptor lifecycle The descriptor list is a shared resource across all of the transmit queues, and the locking mechanism used today only protects concurrency across a g
- CVE-2021-47586Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: dwmac-rk: fix oob read in rk_gmac_setup KASAN reports an out-of-bounds read in rk_gmac_setup on the line: while (ops->regs[i]) { This happens for most platforms since the regs flexible array mem
- CVE-2021-47585Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix memory leak in __add_inode_ref() Line 1169 (#3) allocates a memory chunk for victim_name by kmalloc(), but when the function returns in line 1184 (#4) victim_name allocated by line 1169 (#3) is not
- CVE-2021-47584Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: iocost: Fix divide-by-zero on donation from low hweight cgroup The donation calculation logic assumes that the donor has non-zero after-donation hweight, so the lowest active hweight a donating cgroup can have
- CVE-2021-47583Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: media: mxl111sf: change mutex_init() location Syzbot reported, that mxl111sf_ctrl_msg() uses uninitialized mutex. The problem was in wrong mutex_init() location. Previous mutex_init(&state->msg_lock) call was
- CVE-2021-47582Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Make do_proc_control() and do_proc_bulk() killable The USBDEVFS_CONTROL and USBDEVFS_BULK ioctls invoke usb_start_wait_urb(), which contains an uninterruptible wait with a user-specified timeout valu
- CVE-2021-47580Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Fix type in min_t to avoid stack OOB Change min_t() to use type "u32" instead of type "int" to avoid stack out of bounds. With min_t() type "int" the values get sign extended and the larger va
- CVE-2021-47578Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Don't call kcalloc() if size arg is zero If the size arg to kcalloc() is zero, it returns ZERO_SIZE_PTR. Because of that, for a following NULL pointer check to work on the returned pointer, k
- CVE-2021-47576Jun 19, 2024affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: scsi_debug: Sanity check block descriptor length in resp_mode_select() In resp_mode_select() sanity check the block descriptor len to avoid UAF. BUG: KASAN: use-after-free in resp_mode_select+0xa4c/0xb40
- affected < 1-150400.9.3.1fixed 1-150400.9.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: qedf: Ensure the copied buf is NUL terminated Currently, we allocate a count-sized kernel buffer and copy count from userspace to that buffer. Later, we use kstrtouint on this buffer but we don't ensure t
Page 10 of 12