rpm package
suse/kernel-livepatch-SLE15-SP5_Update_19&distro=SUSE Linux Enterprise Live Patching 15 SP5
pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_19&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5
Vulnerabilities (344)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2024-43907 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference | ||
| CVE-2024-43905 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference. | ||
| CVE-2024-43904 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These var | ||
| CVE-2024-43902 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity. | ||
| CVE-2024-43900 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the mo | ||
| CVE-2024-43899 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback ( | ||
| CVE-2024-43894 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL poin | ||
| CVE-2024-43892 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat | ||
| CVE-2024-43884 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 26, 2024 | In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the func | ||
| CVE-2024-43883 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 23, 2024 | In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak | ||
| CVE-2022-48941 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some | ||
| CVE-2022-48940 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copy_map_value When both bpf_spin_lock and bpf_timer are present in a BPF map value, copy_map_value needs to skirt both objects when copying a value into and out of the map. Howe | ||
| CVE-2022-48939 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing | ||
| CVE-2022-48938 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overf | ||
| CVE-2022-48937 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup - | ||
| CVE-2022-48934 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for th | ||
| CVE-2022-48932 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte | ||
| CVE-2022-48931 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes ad | ||
| CVE-2022-48930 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync() | ||
| CVE-2022-48929 | — | < 1-150500.11.3.2 | 1-150500.11.3.2 | Aug 22, 2024 | In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate |
- CVE-2024-43907Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/pm: Fix the null pointer dereference in apply_state_adjust_rules Check the pointer value to fix potential null pointer dereference
- CVE-2024-43905Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: Fix the null pointer dereference for vega10_hwmgr Check return value and conduct null pointer handling to avoid null pointer dereference.
- CVE-2024-43904Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checks for 'stream' and 'plane' before dereferencing This commit adds null checks for the 'stream' and 'plane' variables in the dcn30_apply_idle_power_optimizations function. These var
- CVE-2024-43902Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Add null checker before passing variables Checks null pointer before passing variables to functions. This fixes 3 NULL_RETURNS issues reported by Coverity.
- CVE-2024-43900Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: media: xc2028: avoid use-after-free in load_firmware_cb() syzkaller reported use-after-free in load_firmware_cb() [1]. The reason is because the module allocated a struct tuner in tuner_probe(), and then the mo
- CVE-2024-43899Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix null pointer deref in dcn20_resource.c Fixes a hang thats triggered when MPV is run on a DCN401 dGPU: mpv --hwdec=vaapi --vo=gpu --hwdec-codecs=all and then enabling fullscreen playback (
- CVE-2024-43894Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: drm/client: fix null pointer dereference in drm_client_modeset_probe In drm_client_modeset_probe(), the return value of drm_mode_duplicate() is assigned to modeset->mode, which will lead to a possible NULL poin
- CVE-2024-43892Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: memcg: protect concurrent access to mem_cgroup_idr Commit 73f576c04b94 ("mm: memcontrol: fix cgroup creation failure after many small jobs") decoupled the memcg IDs from the CSS ID space to fix the cgroup creat
- CVE-2024-43884Aug 26, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Add error handling to pair_device() hci_conn_params_add() never checks for a NULL value and could lead to a NULL pointer dereference causing a crash. Fixed by adding error handling in the func
- CVE-2024-43883Aug 23, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: usb: vhci-hcd: Do not drop references before new references are gained At a few places the driver carries stale pointers to references that can still be used. Make sure that does not happen. This strictly speak
- CVE-2022-48941Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: ice: fix concurrent reset and removal of VFs Commit c503e63200c6 ("ice: Stop processing VF messages during teardown") introduced a driver state flag, ICE_VF_DEINIT_IN_PROGRESS, which is intended to prevent some
- CVE-2022-48940Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to incorrect copy_map_value When both bpf_spin_lock and bpf_timer are present in a BPF map value, copy_map_value needs to skirt both objects when copying a value into and out of the map. Howe
- CVE-2022-48939Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Add schedule points in batch ops syzbot reported various soft lockups caused by bpf batch operations. INFO: task kworker/1:1:27 blocked for more than 140 seconds. INFO: task hung in rcu_barrier Nothing
- CVE-2022-48938Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: CDC-NCM: avoid overflow in sanity checking A broken device may give an extreme offset like 0xFFF0 and a reasonable length for a fragment. In the sanity check as formulated now, this will create an integer overf
- CVE-2022-48937Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: io_uring: add a schedule point in io_add_buffers() Looping ~65535 times doing kmalloc() calls can trigger soft lockups, especially with DEBUG features (like KASAN). [ 253.536212] watchdog: BUG: soft lockup -
- CVE-2022-48934Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: nfp: flower: Fix a potential leak in nfp_tunnel_add_shared_mac() ida_simple_get() returns an id between min (0) and max (NFP_MAX_MAC_INDEX) inclusive. So NFP_MAX_MAC_INDEX (0xff) is a valid id. In order for th
- CVE-2022-48932Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: net/mlx5: DR, Fix slab-out-of-bounds in mlx5_cmd_dr_create_fte When adding a rule with 32 destinations, we hit the following out-of-band access issue: BUG: KASAN: slab-out-of-bounds in mlx5_cmd_dr_create_fte
- CVE-2022-48931Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: configfs: fix a race in configfs_{,un}register_subsystem() When configfs_register_subsystem() or configfs_unregister_subsystem() is executing link_group() or unlink_group(), it is possible that two processes ad
- CVE-2022-48930Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: RDMA/ib_srp: Fix a deadlock Remove the flush_workqueue(system_long_wq) call since flushing system_long_wq is deadlock-prone and since that call is redundant with a preceding cancel_work_sync()
- CVE-2022-48929Aug 22, 2024affected < 1-150500.11.3.2fixed 1-150500.11.3.2
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix crash due to out of bounds access into reg2btf_ids. When commit e6ac2450d6de ("bpf: Support bpf program calling kernel function") added kfunc support, it defined reg2btf_ids as a cheap way to translate
Page 4 of 18