rpm package

suse/kernel-livepatch-SLE15-SP5_Update_21&distro=SUSE Linux Enterprise Live Patching 15 SP5

pkg:rpm/suse/kernel-livepatch-SLE15-SP5_Update_21&distro=SUSE%20Linux%20Enterprise%20Live%20Patching%2015%20SP5

Vulnerabilities (472)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2024-45016	Med	5.5	< 1-150500.11.5.1	1-150500.11.5.1	Sep 11, 2024	In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free.
CVE-2024-45025		—	< 1-150500.11.5.1	1-150500.11.5.1	Sep 11, 2024	In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.
CVE-2023-52915		—	< 1-150500.11.5.1	1-150500.11.5.1	Sep 6, 2024	In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be
CVE-2024-44995		—	< 1-150500.11.5.1	1-150500.11.5.1	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start
CVE-2024-44964		—	< 1-150500.11.5.1	1-150500.11.5.1	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializating the structures. This is due to
CVE-2024-44958		—	< 1-150500.11.5.1	1-150500.11.5.1	Sep 4, 2024	In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_de
CVE-2024-44947		—	< 1-150500.11.5.1	1-150500.11.5.1	Sep 2, 2024	In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_
CVE-2024-44932		—	< 1-150500.11.5.1	1-150500.11.5.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf fr
CVE-2024-44931		—	< 1-150500.11.5.1	1-150500.11.5.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an of
CVE-2024-43897		—	< 1-150500.11.5.1	1-150500.11.5.1	Aug 26, 2024	In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset in virtio_net_hdr Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksum requested with VIRTIO_N
CVE-2022-48879		—	< 1-150500.11.5.1	1-150500.11.5.1	Aug 21, 2024	In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueu
CVE-2024-43817		—	< 1-150500.11.5.1	1-150500.11.5.1	Aug 17, 2024	In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SK
CVE-2024-42253		—	< 1-150500.11.5.1	1-150500.11.5.1	Aug 8, 2024	In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call sit
CVE-2024-42145		—	< 1-150500.11.5.1	1-150500.11.5.1	Jul 30, 2024	In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
CVE-2024-42131		—	< 1-150500.11.5.1	1-150500.11.5.1	Jul 30, 2024	In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits).
CVE-2024-41049		—	< 1-150500.11.5.1	1-150500.11.5.1	Jul 29, 2024	In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was ad
CVE-2024-41023		—	< 1-150500.11.5.1	1-150500.11.5.1	Jul 29, 2024	In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak
CVE-2024-41016	Med	5.5	< 1-150500.11.5.1	1-150500.11.5.1	Jul 29, 2024	In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before me
CVE-2024-40997		—	< 1-150500.11.5.1	1-150500.11.5.1	Jul 12, 2024	In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that. [ rjw: Subject and changelog edits
CVE-2024-40965		—	< 1-150500.11.5.1	1-150500.11.5.1	Jul 12, 2024	In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic3

CVE-2024-45016MedSep 11, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: netem: fix return value if duplicate enqueue fails There is a bug in netem_enqueue() introduced by commit 5845f706388a ("net: netem: fix skb length BUG_ON in __skb_to_sgvec") that can lead to a use-after-free.
CVE-2024-45025Sep 11, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: fix bitmap corruption on close_range() with CLOSE_RANGE_UNSHARE copy_fd_bitmaps(new, old, count) is expected to copy the first count/BITS_PER_LONG bits from old->full_fds_bits[] and fill the rest with zeroes.
CVE-2023-52915Sep 6, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: media: dvb-usb-v2: af9035: Fix null-ptr-deref in af9035_i2c_master_xfer In af9035_i2c_master_xfer, msg is controlled by user. When msg[i].buf is null and msg[i].len is zero, former checks on msg[i].buf would be
CVE-2024-44995Sep 4, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix a deadlock problem when config TC during resetting When config TC during the reset process, may cause a deadlock, the flow is as below: pf reset start
CVE-2024-44964Sep 4, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: idpf: fix memory leaks and crashes while performing a soft reset The second tagged commit introduced a UAF, as it removed restoring q_vector->vport pointers after reinitializating the structures. This is due to
CVE-2024-44958Sep 4, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance sched_smt_present dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jump_label.c:263 static_key_slow_try_de
CVE-2024-44947Sep 2, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: fuse: Initialize beyond-EOF page contents before setting uptodate fuse_notify_store(), unlike fuse_do_readpage(), does not enable page zeroing (because it can be used to change partial page contents). So fuse_
CVE-2024-44932Aug 26, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: idpf: fix UAFs when destroying the queues The second tagged commit started sometimes (very rarely, but possible) throwing WARNs from net/core/page_pool.c:page_pool_disable_direct_recycling(). Turned out idpf fr
CVE-2024-44931Aug 26, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc() Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl() with an of
CVE-2024-43897Aug 26, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: net: drop bad gso csum_start and offset in virtio_net_hdr Tighten csum_start and csum_offset checks in virtio_net_hdr_to_skb for GSO packets. The function already checks that a checksum requested with VIRTIO_N
CVE-2022-48879Aug 21, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: efi: fix NULL-deref in init error path In cases where runtime services are not supported or have been disabled, the runtime services workqueue will never have been allocated. Do not try to destroy the workqueu
CVE-2024-43817Aug 17, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: net: missing check virtio Two missing check in virtio_net_hdr_to_skb() allowed syzbot to crash kernels again 1. After the skb_segment function the buffer may become non-linear (nr_frags != 0), but since the SK
CVE-2024-42253Aug 8, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: gpio: pca953x: fix pca953x_irq_bus_sync_unlock race Ensure that `i2c_lock' is held when setting interrupt latch and mask in pca953x_irq_bus_sync_unlock() in order to avoid races. The other (non-probe) call sit
CVE-2024-42145Jul 30, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: IB/core: Implement a limit on UMAD receive List The existing behavior of ib_umad, which maintains received MAD packets in an unbounded list, poses a risk of uncontrolled growth. As user-space applications extra
CVE-2024-42131Jul 30, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: mm: avoid overflows in dirty throttling logic The dirty throttling logic is interspersed with assumptions that dirty limits in PAGE_SIZE units fit into 32-bit (so that various multiplications fit into 64-bits).
CVE-2024-41049Jul 29, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: filelock: fix potential use-after-free in posix_lock_inode Light Hsieh reported a KASAN UAF warning in trace_posix_lock_inode(). The request pointer had been changed earlier to point to a lock entry that was ad
CVE-2024-41023Jul 29, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: sched/deadline: Fix task_struct reference leak During the execution of the following stress test with linux-rt: stress-ng --cyclic 30 --timeout 30 --minimize --quiet kmemleak frequently reported a memory leak
CVE-2024-41016MedJul 29, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: ocfs2: strict bound check before memcmp in ocfs2_xattr_find_entry() xattr in ocfs2 maybe 'non-indexed', which saved with additional space requested. It's better to check if the memory is out of bound before me
CVE-2024-40997Jul 12, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: cpufreq: amd-pstate: fix memory leak on CPU EPP exit The cpudata memory from kzalloc() in amd_pstate_epp_cpu_init() is not freed in the analogous exit function, so fix that. [ rjw: Subject and changelog edits
CVE-2024-40965Jul 12, 2024
affected < 1-150500.11.5.1fixed 1-150500.11.5.1
In the Linux kernel, the following vulnerability has been resolved: i2c: lpi2c: Avoid calling clk_get_rate during transfer Instead of repeatedly calling clk_get_rate for each transfer, lock the clock rate and cache the value. A deadlock has been observed while adding tlv320aic3

Page 22 of 24