rpm package
suse/kernel-livepatch-SLE15-SP5_Update_13&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_13&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (255)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-26687 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being t | ||
| CVE-2024-26685 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 3, 2024 | In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async | ||
| CVE-2024-26684 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC core") checks and reports safety errors, but leaves the Data Path Pari | ||
| CVE-2024-26681 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jif | ||
| CVE-2024-26680 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and u | ||
| CVE-2024-26675 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop | ||
| CVE-2023-52636 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes a | ||
| CVE-2024-26673 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a | ||
| CVE-2024-26671 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_ | ||
| CVE-2023-52635 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from | ||
| CVE-2024-26660 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, correspon | ||
| CVE-2024-26656 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Apr 2, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo J | ||
| CVE-2023-52627 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user spac | ||
| CVE-2023-52620 | Low | 2.5 | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 21, 2024 | In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters. | |
| CVE-2023-52614 | Hig | 7.8 | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exc | |
| CVE-2023-52616 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 18, 2024 | In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was releas | ||
| CVE-2023-52593 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()' should check the return value before examining skb data. So convert the la | ||
| CVE-2023-52591 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if | ||
| CVE-2023-52590 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its p | ||
| CVE-2023-52589 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Mar 6, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in t |
- CVE-2024-26687Apr 3, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: xen/events: close evtchn after mapping cleanup shutdown_pirq and startup_pirq are not taking the irq_mapping_update_lock because they can't due to lock inversion. Both are called with the irq_desc->lock being t
- CVE-2024-26685Apr 3, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix potential bug in end_buffer_async_write According to a syzbot report, end_buffer_async_write(), which handles the completion of block device writes, may detect abnormal condition of the buffer async
- CVE-2024-26684Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: net: stmmac: xgmac: fix handling of DPP safety error for DMA channels Commit 56e58d6c8a56 ("net: stmmac: Implement Safety Features in XGMAC core") checks and reports safety errors, but leaves the Data Path Pari
- CVE-2024-26681Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: netdevsim: avoid potential loop in nsim_dev_trap_report_work() Many syzbot reports include the following trace [1] If nsim_dev_trap_report_work() can not grab the mutex, it should rearm itself at least one jif
- CVE-2024-26680Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: net: atlantic: Fix DMA mapping for PTP hwts ring Function aq_ring_hwts_rx_alloc() maps extra AQ_CFG_RXDS_DEF bytes for PTP HWTS ring but then generic aq_ring_free() does not take this into account. Create and u
- CVE-2024-26675Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: ppp_async: limit MRU to 64K syzbot triggered a warning [1] in __alloc_pages(): WARN_ON_ONCE_GFP(order > MAX_PAGE_ORDER, gfp) Willem fixed a similar issue in commit c0a2a1b0d631 ("ppp: limit MRU to 64K") Adop
- CVE-2023-52636Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: libceph: just wait for more data to be available on the socket A short read may occur while reading the message footer from the socket. Later, when the socket is ready for another read, the messenger invokes a
- CVE-2024-26673Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_ct: sanitize layer 3 and 4 protocol number in custom expectations - Disallow families other than NFPROTO_{IPV4,IPV6,INET}. - Disallow layer 4 protocol with no ports, since destination port is a
- CVE-2024-26671Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix IO hang from sbitmap wakeup race In blk_mq_mark_tag_wait(), __add_wait_queue() may be re-ordered with the following blk_mq_get_driver_tag() in case of getting driver tag failure. Then in __sbitmap_
- CVE-2023-52635Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Synchronize devfreq_monitor_[start/stop] There is a chance if a frequent switch of the governor done in a loop result in timer list corruption where timer cancel being done from two place one from
- CVE-2024-26660Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Implement bounds check for stream encoder creation in DCN301 'stream_enc_regs' array is an array of dcn10_stream_enc_registers structures. The array is initialized with four elements, correspon
- CVE-2024-26656Apr 2, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: fix use-after-free bug The bug can be triggered by sending a single amdgpu_gem_userptr_ioctl to the AMDGPU DRM driver on any ASICs with an invalid address and size. The bug was reported by Joonkyo J
- CVE-2023-52627Mar 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: iio: adc: ad7091r: Allow users to configure device events AD7091R-5 devices are supported by the ad7091r-5 driver together with the ad7091r-base driver. Those drivers declared iio events for notifying user spac
- affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: disallow timeout for anonymous sets Never used from userspace, disallow these parameters.
- affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: PM / devfreq: Fix buffer overflow in trans_stat_show Fix buffer overflow in trans_stat_show(). Convert simple snprintf to the more secure scnprintf with size of PAGE_SIZE. Add condition checking if we are exc
- CVE-2023-52616Mar 18, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: crypto: lib/mpi - Fix unexpected pointer access in mpi_ec_init When the mpi_ec_ctx structure is initialized, some fields are not cleared, causing a crash when referencing the field when the structure was releas
- CVE-2023-52593Mar 6, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: wifi: wfx: fix possible NULL pointer dereference in wfx_set_mfp_ap() Since 'ieee80211_beacon_get()' can return NULL, 'wfx_set_mfp_ap()' should check the return value before examining skb data. So convert the la
- CVE-2023-52591Mar 6, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: reiserfs: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change reiserfs rename code to avoid touching renamed directory if
- CVE-2023-52590Mar 6, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: ocfs2: Avoid touching renamed directory if parent does not change The VFS will not be locking moved directory if its parent does not change. Change ocfs2 rename code to avoid touching renamed directory if its p
- CVE-2023-52589Mar 6, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: media: rkisp1: Fix IRQ disable race issue In rkisp1_isp_stop() and rkisp1_csi_disable() the driver masks the interrupts and then apparently assumes that the interrupt handler won't be running, and proceeds in t
Page 12 of 13