VYPR

rpm package

suse/kernel-livepatch-SLE15-SP5_Update_15&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_15&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (588)

  • CVE-2022-48691May 3, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_tables: clean up hook list when offload flags check fails splice back the hook list so nft_chain_release_hook() has a chance to release the hooks. BUG: memory leak unreferenced object 0xffff88810

  • CVE-2022-48689May 3, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: tcp: TX zerocopy should not sense pfmemalloc status We got a recent syzbot report [1] showing a possible misuse of pfmemalloc page status in TCP zerocopy paths. Indeed, for pages coming from user space or othe

  • CVE-2024-27078MedMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-tpg: fix some memleaks in tpg_alloc In tpg_alloc, resources should be deallocated in each and every error-handling paths, since they are allocated in for statements. Otherwise there would be memleak

  • CVE-2024-27077MedMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: v4l2-mem2mem: fix a memleak in v4l2_m2m_register_entity The entity->name (i.e. name) is allocated in v4l2_m2m_register_entity but isn't freed in its following error-handling paths. This patch adds such d

  • CVE-2024-27076MedMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: imx: csc/scaler: fix v4l2_ctrl_handler memory leak Free the memory allocated in v4l2_ctrl_handler_init on release.

  • CVE-2024-27072MedMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: usbtv: Remove useless locks in usbtv_video_free() Remove locks calls in usbtv_video_free() because are useless and may led to a deadlock as reported here: https://syzkaller.appspot.com/x/bisect.txt?x=166

  • CVE-2024-27059MedMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: USB: usb-storage: Prevent divide-by-0 error in isd200_ata_command The isd200 sub-driver in usb-storage uses the HEADS and SECTORS values in the ATA ID information to calculate cylinder and head values when crea

  • CVE-2024-27053CriMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: wilc1000: fix RCU usage in connect path With lockdep enabled, calls to the connect function from cfg802.11 layer lead to the following warning: ============================= WARNING: suspicious RCU usage

  • CVE-2024-27052HigMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: wifi: rtl8xxxu: add cancel_work_sync() for c2hcmd_work The workqueue might still be running, when the driver is stopped. To avoid a use-after-free, call cancel_work_sync() in rtl8xxxu_stop().

  • CVE-2024-27047MedMay 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: net: phy: fix phy_get_internal_delay accessing an empty array The phy_get_internal_delay function could try to access to an empty array in the case that the driver is calling phy_get_internal_delay without defi

  • CVE-2024-27388May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssx_dec_option_array The creds and oa->data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths.

  • CVE-2024-27075May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: dvb-frontends: avoid stack overflow warnings with clang A previous patch worked around a KASAN issue in stv0367, now a similar problem showed up with clang: drivers/media/dvb-frontends/stv0367.c:1222:12

  • CVE-2024-27074May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: go7007: fix a memleak in go7007_load_encoder In go7007_load_encoder, bounce(i.e. go->boot_fw), is allocated without a deallocation thereafter. After the following call chain: saa7134_go7007_init |-> g

  • CVE-2024-27073May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: media: ttpci: fix two memleaks in budget_av_attach When saa7146_register_device and saa7146_vv_init fails, budget_av_attach should free the resources it allocates, like the error-handling of ttpci_budget_init d

  • CVE-2023-52653May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix a memleak in gss_import_v2_context The ctx->mech_used.data allocated by kmemdup is not freed in neither gss_import_v2_context nor it only caller gss_krb5_import_sec_context, which frees ctx on error

  • CVE-2022-48669May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: powerpc/pseries: Fix potential memleak in papr_get_attr() `buf` is allocated in papr_get_attr(), and krealloc() of `buf` could fail. We need to free the original `buf` in the case of failure.

  • CVE-2024-27054May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: s390/dasd: fix double module refcount decrement Once the discipline is associated with the device, deleting the device takes care of decrementing the module's refcount. Doing it manually on this error path cau

  • CVE-2024-27051May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: cpufreq: brcmstb-avs-cpufreq: add check for cpufreq_cpu_get's return value cpufreq_cpu_get may return NULL. To avoid NULL-dereference check it and return 0 in case of error. Found by Linux Verification Center

  • CVE-2024-27045May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix a potential buffer overflow in 'dp_dsc_clock_en_read()' Tell snprintf() to store at most 10 bytes in the output buffer instead of 30. Fixes the below: drivers/gpu/drm/amd/amdgpu/../display

  • CVE-2024-27037May 1, 2024
    affected < 1-150500.11.3.1fixed 1-150500.11.3.1

    In the Linux kernel, the following vulnerability has been resolved: clk: zynq: Prevent null pointer dereference caused by kmalloc failure The kmalloc() in zynq_clk_setup() will return null if the physical memory has run out. As a result, if we use snprintf() to write data to th

Page 25 of 30