VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5-RT_Update_17&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_17&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (252)

  • CVE-2023-52835HigMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: perf/core: Bail out early if the request AUX area is out of bound When perf-record with a large AUX area, e.g 4GB, it fails with: #perf record -C 0 -m ,4G -e arm_spe_0// -- sleep 1 failed to mmap with

  • CVE-2023-52800MedMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: fix htt pktlog locking The ath11k active pdevs are protected by RCU but the htt pktlog handling code calling ath11k_mac_get_ar_by_pdev_id() was not marked as a read-side critical section. Mark th

  • CVE-2023-52787MedMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: blk-mq: make sure active queue usage is held for bio_integrity_prep() blk_integrity_unregister() can come if queue usage counter isn't held for one bio with integrity prepared, so this request may be completed

  • CVE-2023-52784MedMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave() Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. In the following splat [1],

  • CVE-2023-52766HigMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: i3c: mipi-i3c-hci: Fix out of bounds access in hci_dma_irq_handler Do not loop over ring headers in hci_dma_irq_handler() that are not allocated and enabled in hci_dma_init(). Otherwise out of bounds access wil

  • CVE-2023-52752HigMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: smb: client: fix use-after-free bug in cifs_debug_data_proc_show() Skip SMB sessions that are being teared down (e.g. @ses->ses_status == SES_EXITING) in cifs_debug_data_proc_show() to avoid use-after-free in @

  • CVE-2023-52737MedMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: lock the inode in shared mode before starting fiemap Currently fiemap does not take the inode's lock (VFS lock), it only locks a file range in the inode's io tree. This however can lead to a deadlock if

  • CVE-2023-52735CriMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Don't let sock_map_{close,destroy,unhash} call itself sock_map proto callbacks should never call themselves by design. Protect against bugs like [1] and break out of the recursive loop to avoid a

  • CVE-2021-47432MedMay 21, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: lib/generic-radix-tree.c: Don't overflow in peek() When we started spreading new inode numbers throughout most of the 64 bit inode space, that triggered some corner case bugs, in particular some integer overflo

  • CVE-2024-36008MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: ipv4: check for NULL idev in ip_route_use_hint() syzbot was able to trigger a NULL deref in fib_validate_source() in an old tree [1]. It appears the bug exists in latest trees. All calls to __in_dev_get_rcu()

  • CVE-2024-36005MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: honor table dormant flag from netdev release event path Check for table dormant flag otherwise netdev release event path tries to unregister an already unregistered hook. [524854.857999]

  • CVE-2024-35997MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: HID: i2c-hid: remove I2C_HID_READ_PENDING flag to prevent lock-up The flag I2C_HID_READ_PENDING is used to serialize I2C operations. However, this is not necessary, because I2C core already has its own locking

  • CVE-2024-35962MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: complete validation of user input In my recent commit, I missed that do_replace() handlers use copy_from_sockptr() (which I fixed), followed by unsafe copy_from_sockptr_offset() calls. In all functi

  • CVE-2024-35960CriMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Properly link new fs rules into the tree Previously, add_rule_fg would only add newly created rules from the handle into the tree when they had a refcount of 1. On the other hand, create_flow_handle t

  • CVE-2024-35958MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: ena: Fix incorrect descriptor free behavior ENA has two types of TX queues: - queues which only process TX packets arriving from the network stack - queues which only process TX packets forwarded to it by

  • CVE-2024-35956MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: qgroup: fix qgroup prealloc rsv leak in subvolume operations Create subvolume, create snapshot and delete subvolume all use btrfs_subvolume_reserve_metadata() to reserve metadata for the changes done to

  • CVE-2024-35950MedMay 20, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/client: Fully protect modes[] with dev->mode_config.mutex The modes[] array contains pointers to modes on the connectors' mode lists, which are protected by dev->mode_config.mutex. Thus we need to extend mo

  • CVE-2024-35949HigMay 20, 2024
    affected < 4-150500.11.6.1fixed 4-150500.11.6.1

    In the Linux kernel, the following vulnerability has been resolved: btrfs: make sure that WRITTEN is set on all metadata blocks We previously would call btrfs_check_leaf() if we had the check integrity code enabled, which meant that we could only run the extended leaf checks if

  • CVE-2024-35925MedMay 19, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: block: prevent division by zero in blk_rq_stat_sum() The expression dst->nr_samples + src->nr_samples may have zero value on overflow. It is necessary to add a check to avoid division by zero. Found by Linux V

  • CVE-2024-35905HigMay 19, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: bpf: Protect against int overflow for stack access size This patch re-introduces protection against the size of access to stack memory being negative; the access size can appear negative as a result of overflow