VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5-RT_Update_19&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5-RT_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (286)

  • CVE-2024-35902MedMay 19, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: net/rds: fix possible cp null dereference cp might be null, calling cp->cp_conn would produce null dereference [Simon Horman adds:] Analysis: * cp is a parameter of __rds_rdma_map and is not reassigned. * T

  • CVE-2024-35897MedMay 19, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: discard table flag update with pending basechain deletion Hook unregistration is deferred to the commit phase, same occurs with hook updates triggered by the table dormant flag. When both

  • CVE-2024-27403May 17, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_flow_offload: reset dst in route object after setting up flow dst is transferred to the flow object, route object does not own it anymore. Reset dst in route object, otherwise if flow_offload_ad

  • CVE-2024-27024HigMay 1, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: net/rds: fix WARNING in rds_conn_connect_if_down If connection isn't established yet, get_mr() will fail, trigger connection after get_mr().

  • CVE-2024-27079May 1, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Fix NULL domain on device release In the kdump kernel, the IOMMU operates in deferred_attach mode. In this mode, info->domain may not yet be assigned by the time the release_device function is calle

  • CVE-2024-27016May 1, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: flowtable: validate pppoe header Ensure there is sufficient room to access the protocol field of the PPPoe header. Validate it once before the flowtable lookup, then use a helper function to access p

  • CVE-2024-27011May 1, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak in map from abort path The delete set command does not rely on the transaction object for element removal, therefore, a combination of delete element + delete set from the abor

  • CVE-2024-27010May 1, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: net/sched: Fix mirred deadlock on device recursion When the mirred action is used on a classful egress qdisc and a packet is mirrored or redirected to self we hit a qdisc lock deadlock. See trace below. [.....

  • CVE-2022-48645Apr 28, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: net: enetc: deny offload of tc-based TSN features on VF interfaces TSN features on the ENETC (taprio, cbs, gate, police) are configured through a mix of command BD ring messages and port registers: enetc_port_r

  • CVE-2024-26851MedApr 17, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_conntrack_h323: Add protection for bmp length out of range UBSAN load reports an exception of BRK#5515 SHIFT_ISSUE:Bitwise shifts that are out of bounds for their data type. vmlinux get_bitmap(

  • CVE-2024-26835Apr 17, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: set dormant flag on hook register failure We need to set the dormant flag again if we fail to register the hooks. During memory pressure hook registration can fail and we end up with a ta

  • CVE-2024-26812MedApr 5, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: vfio/pci: Create persistent INTx handler A vulnerability exists where the eventfd for INTx signaling can be deconfigured, which unregisters the IRQ handler but still allows eventfds to be signaled with a NULL c

  • CVE-2024-26808Apr 4, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_chain_filter: handle NETDEV_UNREGISTER for inet/ingress basechain Remove netdevice from inet/ingress basechain in case NETDEV_UNREGISTER event is reported, otherwise a stale reference to netdevic

  • CVE-2024-26735Apr 3, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: fix possible use-after-free and null-ptr-deref The pernet operations structure for the subsystem must be registered before registering the generic netlink family.

  • CVE-2024-26677Apr 2, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: rxrpc: Fix delayed ACKs to not set the reference serial number Fix the construction of delayed ACKs to not set the reference serial number as they can't be used as an RTT reference.

  • CVE-2024-26669Apr 2, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: net/sched: flower: Fix chain template offload When a qdisc is deleted from a net device the stack instructs the underlying driver to remove its flow offload callback from the associated filter block using the '

  • CVE-2024-26668Apr 2, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_limit: reject configurations that cause integer overflow Reject bogus configs where internal token counter wraps around. This only occurs with very very large requests, such as 17gbyte/s. Its be

  • CVE-2024-26631Mar 18, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: ipv6: mcast: fix data-race in ipv6_mc_down / mld_ifc_work idev->mc_ifc_count can be written over without proper locking. Originally found by syzbot [1], fix this issue by encapsulating calls to mld_ifc_stop_wo

  • CVE-2021-47106Mar 4, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix use-after-free in nft_set_catchall_destroy() We need to use list_for_each_entry_safe() iterator because we can not access @catchall after kfree_rcu() call. syzbot reported: BUG: KASA

  • CVE-2023-52581Mar 2, 2024
    affected < 1-150500.11.3.2fixed 1-150500.11.3.2

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: fix memleak when more than 255 elements expired When more than 255 elements expired we're supposed to switch to a new gc container structure. This never happens: u8 type will wrap before

Page 14 of 15