rpm package
suse/kernel-livepatch-SLE15-SP4_Update_33&distro=SUSE Linux Enterprise Live Patching 15 SP4
pkg:rpm/suse/kernel-livepatch-SLE15-SP4_Update_33&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP4
Vulnerabilities (153)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2023-52881 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | May 29, 2024 | In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The | ||
| CVE-2021-47534 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | May 24, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC com | ||
| CVE-2023-52800 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark th | ||
| CVE-2023-52766 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access wil | ||
| CVE-2021-47416 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | May 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiob | ||
| CVE-2024-27043 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocatio | ||
| CVE-2022-48664 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | Apr 28, 2024 | In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when stopping a space reclaim worker Often when running generic/562 from fstests we can hang during unmount, resulting in a trace like this: Sep 07 11:52:00 debian9 unknown: ru | ||
| CVE-2024-26808 | — | < 14-150400.2.1 | 14-150400.2.1 | Apr 4, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevic | ||
| CVE-2023-6270 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | Jan 4, 2024 | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` glob | ||
| CVE-2023-28327 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | Apr 19, 2023 | A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service. | ||
| CVE-2023-2166 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | Apr 19, 2023 | A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service. | ||
| CVE-2022-45934 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | Nov 27, 2022 | An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets. | ||
| CVE-2022-3435 | — | < 1-150400.9.5.1 | 1-150400.9.5.1 | Oct 8, 2022 | A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is |
- CVE-2023-52881May 29, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: tcp: do not accept ACK of bytes we never sent This patch is based on a detailed report and ideas from Yepeng Pan and Christian Rossow. ACK seq validation is currently following RFC 5961 5.2 guidelines: The
- CVE-2021-47534May 24, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: drm/vc4: kms: Add missing drm_crtc_commit_put Commit 9ec03d7f1ed3 ("drm/vc4: kms: Wait on previous FIFO users before a commit") introduced a global state for the HVS, with each FIFO storing the current CRTC com
- CVE-2023-52800May 21, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark th
- CVE-2023-52766May 21, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access wil
- CVE-2021-47416May 21, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: phy: mdio: fix memory leak Syzbot reported memory leak in MDIO bus interface, the problem was in wrong state logic. MDIOBUS_ALLOCATED indicates 2 states: 1. Bus is only allocated 2. Bus allocated and __mdiob
- CVE-2024-27043May 1, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: media: edia: dvbdev: fix a use-after-free In dvb_register_device, *pdvbdev is set equal to dvbdev, which is freed in several error-handling paths. However, *pdvbdev is not set to NULL after dvbdev's deallocatio
- CVE-2022-48664Apr 28, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
In the Linux kernel, the following vulnerability has been resolved: btrfs: fix hang during unmount when stopping a space reclaim worker Often when running generic/562 from fstests we can hang during unmount, resulting in a trace like this: Sep 07 11:52:00 debian9 unknown: ru
- CVE-2024-26808Apr 4, 2024affected < 14-150400.2.1fixed 14-150400.2.1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevic
- CVE-2023-6270Jan 4, 2024affected < 1-150400.9.5.1fixed 1-150400.9.5.1
A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device`, and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` glob
- CVE-2023-28327Apr 19, 2023affected < 1-150400.9.5.1fixed 1-150400.9.5.1
A NULL pointer dereference flaw was found in the UNIX protocol in net/unix/diag.c In unix_diag_get_exact in the Linux Kernel. The newly allocated skb does not have sk, leading to a NULL pointer. This flaw allows a local user to crash or potentially cause a denial of service.
- CVE-2023-2166Apr 19, 2023affected < 1-150400.9.5.1fixed 1-150400.9.5.1
A null pointer dereference issue was found in can protocol in net/can/af_can.c in the Linux before Linux. ml_priv may not be initialized in the receive path of CAN frames. A local user could use this flaw to crash the system or potentially cause a denial of service.
- CVE-2022-45934Nov 27, 2022affected < 1-150400.9.5.1fixed 1-150400.9.5.1
An issue was discovered in the Linux kernel through 6.0.10. l2cap_config_req in net/bluetooth/l2cap_core.c has an integer wraparound via L2CAP_CONF_REQ packets.
- CVE-2022-3435Oct 8, 2022affected < 1-150400.9.5.1fixed 1-150400.9.5.1
A vulnerability classified as problematic has been found in Linux Kernel. This affects the function fib_nh_match of the file net/ipv4/fib_semantics.c of the component IPv4 Handler. The manipulation leads to out-of-bounds read. It is possible to initiate the attack remotely. It is
Page 8 of 8