rpm package
suse/kernel-livepatch-SLE15-SP5-RT_Update_16&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_16&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (561)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-27075 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12 | ||
| CVE-2024-27074 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> g | ||
| CVE-2024-27073 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init d | ||
| CVE-2023-52653 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error | ||
| CVE-2022-48669 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure. | ||
| CVE-2024-27054 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path cau | ||
| CVE-2024-27051 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center | ||
| CVE-2024-27045 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display | ||
| CVE-2024-27037 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to th | ||
| CVE-2024-27028 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupt handler may end up writing to the invalid memory and cause crashes. Add a che | ||
| CVE-2023-52650 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference. | ||
| CVE-2024-27004 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40e | |
| CVE-2024-26988 | Hig | 7.8 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extr | |
| CVE-2024-26974 | Hig | 7.0 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If t | |
| CVE-2024-26958 | Hig | 7.8 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at | |
| CVE-2024-26937 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request t | |
| CVE-2024-26935 | Med | 5.5 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a | |
| CVE-2024-26934 | Hig | 7.8 | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l | |
| CVE-2024-27008 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or) | ||
| CVE-2024-27001 | — | < 1-150500.11.3.1 | 1-150500.11.3.1 | May 1, 2024 | In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or in |
- CVE-2024-27075May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12
- CVE-2024-27074May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> g
- CVE-2024-27073May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init d
- CVE-2023-52653May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error
- CVE-2022-48669May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure.
- CVE-2024-27054May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path cau
- CVE-2024-27051May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center
- CVE-2024-27045May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display
- CVE-2024-27037May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to th
- CVE-2024-27028May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: spi: spi-mt65xx: Fix NULL pointer access in interrupt handler The TX buffer in spi_transfer can be a NULL pointer, so the interrupt handler may end up writing to the invalid memory and cause crashes. Add a che
- CVE-2023-52650May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/tegra: dsi: Add missing check for of_find_device_by_node Add check for the return value of of_find_device_by_node() and return the error if it fails in order to avoid NULL pointer dereference.
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: clk: Get runtime PM before walking tree during disable_unused Doug reported [1] the following hung task: INFO: task swapper/0:1 blocked for more than 122 seconds. Not tainted 5.15.149-21875-gf795ebc40e
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: init/main.c: Fix potential static_command_line memory overflow We allocate memory of size 'xlen + strlen(boot_command_line) + 1' for static_command_line, but the strings copied into static_command_line are extr
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: crypto: qat - resolve race condition during AER recovery During the PCI AER system's error recovery process, the kernel driver may encounter a race condition with freeing the reset_data structure's memory. If t
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: nfs: fix UAF in direct writes In production we have been hitting the following warning consistently ------------[ cut here ]------------ refcount_t: underflow; use-after-free. WARNING: CPU: 17 PID: 1800359 at
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: drm/i915/gt: Reset queue_priority_hint on parking Originally, with strict in order execution, we could complete execution only when the queue was empty. Preempt-to-busy allows replacement of an active request t
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: scsi: core: Fix unremoved procfs host directory regression Commit fc663711b944 ("scsi: core: Remove the /proc/scsi/${proc_name} directory earlier") fixed a bug related to modules loading/unloading, by adding a
- affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: USB: core: Fix deadlock in usb_deauthorize_interface() Among the attribute file callback routines in drivers/usb/core/sysfs.c, the interface_authorized_store() function is the only one which acquires a device l
- CVE-2024-27008May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: drm: nv04: Fix out of bounds access When Output Resource (dcb->or) value is assigned in fabricate_dcb_output(), there may be out of bounds access to dac_users array in case dcb->or is zero because ffs(dcb->or)
- CVE-2024-27001May 1, 2024affected < 1-150500.11.3.1fixed 1-150500.11.3.1
In the Linux kernel, the following vulnerability has been resolved: comedi: vmk80xx: fix incomplete endpoint checking While vmk80xx does have endpoint checking implemented, some things can fall through the cracks. Depending on the hardware model, URBs can have either bulk or in
Page 24 of 29